nullbite/nixfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: nullbite:main
Branches Tags
nullbite:main
nullbite:feature/refactor-module-args
nullbite:flake-parts-hosts
nullbite:feature/tmpfiles-workaround
nullbite:wip/unified-lts-kernel
nullbite:wip/lanzaboote
nullbite:authelia
nullbite:btrfs
nullbite:wip/theme-helper
nullbite:wip/unstable
nullbite:archive/authelia
..
compare: nullbite:flake-parts-hosts
Branches Tags
nullbite:main
nullbite:feature/refactor-module-args
nullbite:flake-parts-hosts
nullbite:feature/tmpfiles-workaround
nullbite:wip/unified-lts-kernel
nullbite:wip/lanzaboote
nullbite:authelia
nullbite:btrfs
nullbite:wip/theme-helper
nullbite:wip/unstable
nullbite:archive/authelia

No commits in common. "main" and "flake-parts-hosts" have entirely different histories.
main ... flake-part

132 changed files with 2214 additions and 3736 deletions
Show Stats Expand all files Collapse all files

12
.github/workflows/build-then-cache.yaml vendored
View File

@ -6,7 +6,7 @@ on:
jobs:
build_arm:
runs-on: ubuntu-22.04-arm
runs-on: ubuntu-24.04-arm
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
@ -18,7 +18,7 @@ jobs:
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
# free useless disk space
- run: 'bash ci/util_free_space_extreme.sh'
@ -26,7 +26,7 @@ jobs:
- run: 'nix develop .#ci --command bash ci/run_builds.sh'
build_x86-64_packages:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
@ -38,12 +38,12 @@ jobs:
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
- run: 'nix develop .#ci --command bash ci/run_builds.sh packages'
build_x86-64:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
@ -55,7 +55,7 @@ jobs:
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
# free useless disk space
- run: 'bash ci/util_free_space_extreme.sh'

8
.github/workflows/proactive-update.yaml vendored
View File

@ -9,7 +9,7 @@ on:
jobs:
build_arm:
runs-on: ubuntu-22.04-arm
runs-on: ubuntu-24.04-arm
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
@ -21,7 +21,7 @@ jobs:
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
# free useless disk space
- run: 'bash ci/util_free_space_extreme.sh'
@ -29,7 +29,7 @@ jobs:
- run: 'nix develop .#ci --command bash ci/run_builds.sh'
build_x86:
runs-on: ubuntu-22.04
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@v16
@ -41,7 +41,7 @@ jobs:
- uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
# free useless disk space
- run: 'bash ci/util_free_space_extreme.sh'

31
ci/run_builds.sh
View File

@ -1,6 +1,4 @@
#!/usr/bin/env bash
# shellcheck disable=SC2317
# ^ SC2317 (Command appears to be unreachable.)
set -Exo pipefail
@ -8,7 +6,6 @@ err=0
set_error () {
err=1
pkill -s 0 -9 nix-eval-jobs || true
}
trap set_error ERR
@ -19,19 +16,14 @@ system="$(nix eval --impure --raw --expr 'builtins.currentSystem')"
run_builds () {
for i in "$@" ; do
nix-fast-build --eval-workers 1 --no-nom --skip-cache --attic-cache main -f "$i"
pkill -s 0 -9 nix-eval-jobs || true
done
}
_build_systems () {
build_systems () {
case "$system" in
# TODO this is messy and hard-coded, make an attribute set for
# each system containing the specializations as well as the nospec ver
x86_64-linux) run_builds \
.\#nixosConfigurations.nullbox.config.specialisation.hyprland.configuration.system.build.toplevel \
.\#nospec.nullbox.config.system.build.toplevel \
.\#nixosConfigurations.slab.config.specialisation.{hyprland,nvidia}.configuration.system.build.toplevel \
.\#nospec.slab.config.system.build.toplevel \
.\#nixosConfigurations.nullbox.config.system.build.toplevel \
.\#nixosConfigurations.slab.config.system.build.toplevel \
.\#nixosConfigurations.nixos-wsl.config.system.build.toplevel \
;;
@ -41,23 +33,6 @@ _build_systems () {
esac
}
build_systems () {
# system should be set in `nix develop` but just in case
local system
system="${system:-$(nix eval --impure --raw --expr 'builtins.currentSystem')}"
#nix eval --json .#legacyPackages."${system}".specialisedNixosConfigurations --apply 'builtins.attrNames' \
# | jq -c '.[]' \
# | while read -r line ; do
# local build
# build="$(printf '%s' "$line" | jq -r)"
# run_builds ".#legacyPackages.${system}.specialisedNixosConfigurations.${build}"
# done
run_builds ".#legacyPackages.${system}.specialisedNixosConfigurations"
}
build_packages () {
run_builds .\#packages."${system}".redlib
}

15
default.nix
View File

@ -1,15 +0,0 @@
(
import
(
let
lock = builtins.fromJSON (builtins.readFile ./flake.lock);
nodeName = lock.nodes.root.inputs.flake-compat;
in
fetchTarball {
url = lock.nodes.${nodeName}.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.${nodeName}.locked.rev}.tar.gz";
sha256 = lock.nodes.${nodeName}.locked.narHash;
}
)
{src = ./.;}
)
.defaultNix

396
flake.lock generated
View File

@ -10,11 +10,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1745630506,
"narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=",
"lastModified": 1736955230,
"narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "96e078c646b711aee04b82ba01aefbff87004ded",
"rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"type": "github"
},
"original": {
@ -43,11 +43,11 @@
]
},
"locked": {
"lastModified": 1744289235,
"narHash": "sha256-ZFkHLdimtFzQACsVVyZkZlfYdj4iNy3PkzXfrwmlse8=",
"lastModified": 1738456976,
"narHash": "sha256-cufyHbOMnSt9V4w4OVSzNcpJ+8DwzRZRJaca2Q89KVI=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "c8282f4982b56dfa5e9b9f659809da93f8d37e7a",
"rev": "257b2050790ab3b1eb389e0f8bdc400eb9510139",
"type": "github"
},
"original": {
@ -61,11 +61,11 @@
"fromYaml": "fromYaml"
},
"locked": {
"lastModified": 1745523430,
"narHash": "sha256-EAYWV+kXbwsH+8G/8UtmcunDeKwLwSOyfcmzZUkWE/c=",
"lastModified": 1732200724,
"narHash": "sha256-+R1BH5wHhfnycySb7Sy5KbYEaTJZWm1h+LW1OtyhiTs=",
"owner": "SenchoPens",
"repo": "base16.nix",
"rev": "58bfe2553d937d8af0564f79d5b950afbef69717",
"rev": "153d52373b0fb2d343592871009a286ec8837aec",
"type": "github"
},
"original": {
@ -146,11 +146,11 @@
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
@ -163,11 +163,11 @@
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1744642301,
"narHash": "sha256-5A6LL7T0lttn1vrKsNOKUk9V0ittdW0VEqh6AtefxJ4=",
"lastModified": 1736899990,
"narHash": "sha256-S79Hqn2EtSxU4kp99t8tRschSifWD4p/51++0xNWUxw=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "59e3de00f01e5adb851d824cf7911bd90c31083a",
"rev": "91ca1f82d717b02ceb03a3f423cbe8082ebbb26d",
"type": "github"
},
"original": {
@ -177,12 +177,13 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
@ -210,11 +211,11 @@
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
@ -271,31 +272,16 @@
"type": "github"
}
},
"flake-compat_7": {
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1743550720,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"lastModified": 1738453229,
"narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
"rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
"type": "github"
},
"original": {
@ -325,28 +311,6 @@
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": [
"stylix",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_4"
@ -370,11 +334,11 @@
"systems": "systems_5"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
@ -433,11 +397,11 @@
]
},
"locked": {
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"lastModified": 1735882644,
"narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"rev": "a5a961387e75ae44cc20f0a57ae463da5e959656",
"type": "github"
},
"original": {
@ -537,11 +501,11 @@
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
@ -557,11 +521,11 @@
]
},
"locked": {
"lastModified": 1745627989,
"narHash": "sha256-mOCdFmxocBPae7wg7RYWOtJzWMJk34u9493ItY0dVqw=",
"lastModified": 1738789832,
"narHash": "sha256-HdlMPfObPu5y7oDfH/w3vvlU3UTQ/bQjSULChZARm5M=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4d2d32231797bfa7213ae5e8ac89d25f8caaae82",
"rev": "30ea6fed4e4b41693cebc2263373dd810de4de49",
"type": "github"
},
"original": {
@ -607,11 +571,11 @@
]
},
"locked": {
"lastModified": 1742215578,
"narHash": "sha256-zfs71PXVVPEe56WEyNi2TJQPs0wabU4WAlq0XV7GcdE=",
"lastModified": 1738178255,
"narHash": "sha256-+D6Nu2ewXbMTFzx/Q4jDOo+LAOUPr0cxQJg5k33daIE=",
"owner": "hyprwm",
"repo": "hyprcursor",
"rev": "2fd36421c21aa87e2fe3bee11067540ae612f719",
"rev": "dcadd3398abe146d60c67e0d9ee6e27b301cae82",
"type": "github"
},
"original": {
@ -636,11 +600,11 @@
]
},
"locked": {
"lastModified": 1745015490,
"narHash": "sha256-apEJ9zoSzmslhJ2vOKFcXTMZLUFYzh1ghfB6Rbw3Low=",
"lastModified": 1738437059,
"narHash": "sha256-J+8ecqaP3zD9GHeN8Y4hUapoELSoggp0IZI8laTFt/0=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "60754910946b4e2dc1377b967b7156cb989c5873",
"rev": "5ac80e3686a4dfa55d2bd15c81a266b89594a295",
"type": "github"
},
"original": {
@ -661,11 +625,11 @@
"systems": "systems_2"
},
"locked": {
"lastModified": 1745357037,
"narHash": "sha256-eakUr+0ON1muX3nusJy3eC66unUQtjgnUUzQ5XMIB+k=",
"lastModified": 1737984253,
"narHash": "sha256-h4KWLijrHK7rugD2oV8JfVgloD+xPW1jCVT2B7K+bjQ=",
"owner": "hyprwm",
"repo": "hypridle",
"rev": "b18d83027676d0efbc6d56ed4a6935ac65d75067",
"rev": "15ca902b2cb845a8a5378ec022c11a4a77155b83",
"type": "github"
},
"original": {
@ -690,11 +654,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1745593751,
"narHash": "sha256-OmAsshc/Z/2hgN9+OK1ZHfEvSkoRC9pROTmxzUTh4QU=",
"lastModified": 1738770121,
"narHash": "sha256-Sts8Mtu3H41IIdQRx0GQb574lkEEjgzHbknha5QLGko=",
"ref": "refs/heads/main",
"rev": "742bce016cb848d222fbfcfcf8d3894ea3fdaeff",
"revCount": 6028,
"rev": "8a6778f0a087cdfc4bc1d3751b0be2c2bf3322aa",
"revCount": 5791,
"submodules": true,
"type": "git",
"url": "https://github.com/hyprwm/Hyprland"
@ -742,11 +706,11 @@
]
},
"locked": {
"lastModified": 1743714874,
"narHash": "sha256-yt8F7NhMFCFHUHy/lNjH/pjZyIDFNk52Q4tivQ31WFo=",
"lastModified": 1738422629,
"narHash": "sha256-5v+bv75wJWvahyM2xcMTSNNxmV8a7hb01Eey5zYnBJw=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "3a5c2bda1c1a4e55cc1330c782547695a93f05b2",
"rev": "755aef8dab49d0fc4663c715fa4ad221b2aedaed",
"type": "github"
},
"original": {
@ -810,11 +774,11 @@
]
},
"locked": {
"lastModified": 1739048983,
"narHash": "sha256-REhTcXq4qs3B3cCDtLlYDz0GZvmsBSh947Ub6pQWGTQ=",
"lastModified": 1737981711,
"narHash": "sha256-lh6cL5D8nPplB3WovCQjLUZ7k7MViiBrMlpkfm4R7/c=",
"owner": "hyprwm",
"repo": "hyprland-qtutils",
"rev": "3504a293c8f8db4127cb0f7cfc1a318ffb4316f8",
"rev": "96bf0677fa9cd13508294e3d4559dfbbc8beff73",
"type": "github"
},
"original": {
@ -868,11 +832,11 @@
]
},
"locked": {
"lastModified": 1744468525,
"narHash": "sha256-9HySx+EtsbbKlZDlY+naqqOV679VdxP6x6fP3wxDXJk=",
"lastModified": 1737634606,
"narHash": "sha256-W7W87Cv6wqZ9PHegI6rH1+ve3zJPiyevMFf0/HwdbCQ=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "f1000c54d266e6e4e9d646df0774fac5b8a652df",
"rev": "f41271d35cc0f370d300413d756c2677f386af9d",
"type": "github"
},
"original": {
@ -918,11 +882,11 @@
]
},
"locked": {
"lastModified": 1743950287,
"narHash": "sha256-/6IAEWyb8gC/NKZElxiHChkouiUOrVYNq9YqG0Pzm4Y=",
"lastModified": 1737978343,
"narHash": "sha256-TfFS0HCEJh63Kahrkp1h9hVDMdLU8a37Zz+IFucxyfA=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "f2dc70e448b994cef627a157ee340135bd68fbc6",
"rev": "6a8bc9d2a4451df12f5179dc0b1d2d46518a90ab",
"type": "github"
},
"original": {
@ -968,11 +932,11 @@
]
},
"locked": {
"lastModified": 1739870480,
"narHash": "sha256-SiDN5BGxa/1hAsqhgJsS03C3t2QrLgBT8u+ENJ0Qzwc=",
"lastModified": 1735493474,
"narHash": "sha256-fktzv4NaqKm94VAkAoVqO/nqQlw+X0/tJJNAeCSfzK4=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "206367a08dc5ac4ba7ad31bdca391d098082e64b",
"rev": "de913476b59ee88685fdc018e77b8f6637a2ae0b",
"type": "github"
},
"original": {
@ -988,11 +952,11 @@
]
},
"locked": {
"lastModified": 1743417258,
"narHash": "sha256-YItzk1pj8Kz+b7VlC9zN1pSZ6CuX35asYy3HuMQ3lBQ=",
"lastModified": 1738176500,
"narHash": "sha256-8ytokHHcKusbspRaiGP38s7fHU105JRvO9GRTzcRklg=",
"owner": "hyprwm",
"repo": "contrib",
"rev": "bc2ad24e0b2e66c3e164994c4897cd94a933fd10",
"rev": "d449f6e1fc31084437ebc0c45057ee656f593efd",
"type": "github"
},
"original": {
@ -1019,7 +983,7 @@
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"nixpkgs": [
"nixpkgs"
@ -1049,11 +1013,11 @@
]
},
"locked": {
"lastModified": 1745120797,
"narHash": "sha256-owQ0VQ+7cSanTVPxaZMWEzI22Q4bGnuvhVjLAJBNQ3E=",
"lastModified": 1738466368,
"narHash": "sha256-PZhUjtvQZOH3PO0EYdTpQvcqkgkq1NkP2A6w9SPHYsk=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "69716041f881a2af935021c1182ed5b0cc04d40e",
"rev": "46a8f5fc9552b776bfc5c5c96ea3bede33f68f52",
"type": "github"
},
"original": {
@ -1064,18 +1028,18 @@
},
"nix-minecraft": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1745630674,
"narHash": "sha256-mMdr7XcmWWjEibSd3nBhyS3MVI23RE6gdJFVT+Q3KCU=",
"lastModified": 1738803258,
"narHash": "sha256-EEWA8dppNe7Bct6nt8lg6ZmDiYXVQ7f6IqxFwA8zLrI=",
"owner": "Silveere",
"repo": "nix-minecraft",
"rev": "bd415685ddbee6ae1ee4ca6cf2252ad5b0c4e6db",
"rev": "25566dfab7e32faaeb11904471634e4c23d1ad24",
"type": "github"
},
"original": {
@ -1087,18 +1051,18 @@
},
"nix-minecraft-upstream": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1745632480,
"narHash": "sha256-Rjr9Dh33zXciPbSgOSoYoOJ7gpvpJ+wy04WGIUOY+Nw=",
"lastModified": 1738806350,
"narHash": "sha256-NaCd65SqWMROgbJzio9HW5WGNb5sOBfyuGVtccU4YmM=",
"owner": "infinidoge",
"repo": "nix-minecraft",
"rev": "ad10d773fc3a39ace88f495c2c111a0bf7f5a481",
"rev": "e35b9bfe00b0602f57de8f19745c3d91cb45efec",
"type": "github"
},
"original": {
@ -1109,17 +1073,17 @@
},
"nix-wsl": {
"inputs": {
"flake-compat": "flake-compat_6",
"flake-compat": "flake-compat_5",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1744290088,
"narHash": "sha256-/X9XVEl0EiyisNbF5srrxXRSVoRqdwExuqyspYqqEjQ=",
"lastModified": 1736095716,
"narHash": "sha256-csysw/Szu98QDiA2lhWk9seYOyCebeVEWL89zh1cduM=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "60b4904a1390ac4c89e93d95f6ed928975e525ed",
"rev": "63c3b4ed1712a3a0621002cd59bfdc80875ecbb0",
"type": "github"
},
"original": {
@ -1153,11 +1117,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1744932701,
"narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=",
"lastModified": 1738410390,
"narHash": "sha256-xvTo0Aw0+veek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef",
"rev": "3a228057f5b619feb3186e986dbe76278d707b6e",
"type": "github"
},
"original": {
@ -1169,33 +1133,14 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1743296961,
"narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
"type": "github"
"lastModified": 1738452942,
"narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-mopidy": {
"locked": {
"lastModified": 1734856068,
"narHash": "sha256-Q+CB1ajsJg4Z9HGHTBAGY1q18KpnnkmF/eCTLUY6FQ0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "93ff48c9be84a76319dac293733df09bbbe3f25c",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "93ff48c9be84a76319dac293733df09bbbe3f25c",
"type": "github"
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
}
},
"nixpkgs-nix-du": {
@ -1232,11 +1177,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1745377448,
"narHash": "sha256-jhZDfXVKdD7TSEGgzFJQvEEZ2K65UMiqW5YJ2aIqxMA=",
"lastModified": 1738765515,
"narHash": "sha256-/fN8eSCHWbjOPOe+rbJWfWrtOdFMElJW+L1y2Cq32bY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "507b63021ada5fee621b6ca371c4fca9ca46f52c",
"rev": "ccfae3057498f5a740be4c5a13aa800813a13084",
"type": "github"
},
"original": {
@ -1248,11 +1193,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1745487689,
"narHash": "sha256-FQoi3R0NjQeBAsEOo49b5tbDPcJSMWc3QhhaIi9eddw=",
"lastModified": 1738702386,
"narHash": "sha256-nJj8f78AYAxl/zqLiFGXn5Im1qjFKU8yBPKoWEeZN5M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5630cf13cceac06cefe9fc607e8dfa8fb342dde3",
"rev": "030ba1976b7c0e1a67d9716b17308ccdab5b381e",
"type": "github"
},
"original": {
@ -1262,32 +1207,9 @@
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": "flake-parts_3",
"nixpkgs": [
"stylix",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1745459908,
"narHash": "sha256-bWqgohVf/py9EW3bLS/dYbenD2p9N2/Qsw1+CJk1S04=",
"owner": "nix-community",
"repo": "NUR",
"rev": "dbc4ba3233b2bf951521177bf0ee0a7679959035",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"hyprland",
@ -1295,11 +1217,11 @@
]
},
"locked": {
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"lastModified": 1737465171,
"narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
"type": "github"
},
"original": {
@ -1339,7 +1261,6 @@
"inputs": {
"agenix": "agenix",
"base16": "base16",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"home-manager": "home-manager_2",
"home-manager-unstable": "home-manager-unstable",
@ -1354,14 +1275,11 @@
"nix-wsl": "nix-wsl",
"nixfiles-assets": "nixfiles-assets",
"nixpkgs": "nixpkgs_2",
"nixpkgs-mopidy": "nixpkgs-mopidy",
"nixpkgs-nix-du": "nixpkgs-nix-du",
"nixpkgs-unstable": "nixpkgs-unstable",
"rust-overlay": "rust-overlay_2",
"stylix": "stylix",
"systems": "systems_7",
"treefmt-nix": "treefmt-nix_2",
"zen-browser": "zen-browser"
"systems": "systems_7"
}
},
"rust-overlay": {
@ -1392,11 +1310,11 @@
]
},
"locked": {
"lastModified": 1745634793,
"narHash": "sha256-8AuOyfLNlcbLy0AqERSNUUoDdY+3THZI7+9VrXUfGqg=",
"lastModified": 1738808867,
"narHash": "sha256-m5rbY/ck0NAlfSBxo++vl7EZn8fkZ02H3kGGc7q883c=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "f1aeaeb91ba9c88f235ab82bd23d7a4931fe736c",
"rev": "ae46f37fb727030ddc2ef65a675b751484c90032",
"type": "github"
},
"original": {
@ -1414,7 +1332,7 @@
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-compat": "flake-compat_7",
"flake-compat": "flake-compat_6",
"flake-utils": "flake-utils_3",
"git-hooks": "git-hooks",
"gnome-shell": "gnome-shell",
@ -1424,20 +1342,18 @@
"nixpkgs": [
"nixpkgs"
],
"nur": "nur",
"systems": "systems_6",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
"tinted-tmux": "tinted-tmux",
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1745618823,
"narHash": "sha256-WGKSI0+CY3Ep2YnRASmBRU8oMIvTW4ngFyjA0dVcKgQ=",
"lastModified": 1738611626,
"narHash": "sha256-IgjqlYPaS8Bg+jc6a691w27XDFhBeM7gkP4eDcR2EBs=",
"owner": "danth",
"repo": "stylix",
"rev": "11ceb2fde1901dc227421bbbef2d0800339f5126",
"rev": "d513f59da5856978c363d2f82103f708f4a6024d",
"type": "github"
},
"original": {
@ -1585,30 +1501,14 @@
"type": "github"
}
},
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1744974599,
"narHash": "sha256-Fg+rdGs5FAgfkYNCs74lnl8vkQmiZVdBsziyPhVqrlY=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "28c26a621123ad4ebd5bbfb34ab39421c0144bdd",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "schemes",
"type": "github"
}
},
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1745111349,
"narHash": "sha256-udV+nHdpqgkJI9D0mtvvAzbqubt9jdifS/KhTTbJ45w=",
"lastModified": 1735737224,
"narHash": "sha256-FO2hRBkZsjlIRqzNHCPc/52yxg11kHGA8MEtSun9RwE=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "e009f18a01182b63559fb28f1c786eb027c3dee9",
"rev": "aead506a9930c717ebf81cc83a2126e9ca08fa64",
"type": "github"
},
"original": {
@ -1633,48 +1533,6 @@
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"stylix",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1744961264,
"narHash": "sha256-aRmUh0AMwcbdjJHnytg1e5h5ECcaWtIFQa6d9gI85AI=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "8d404a69efe76146368885110f29a2ca3700bee6",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"xdph": {
"inputs": {
"hyprland-protocols": [
@ -1703,11 +1561,11 @@
]
},
"locked": {
"lastModified": 1744644585,
"narHash": "sha256-p0D/e4J6Sv6GSb+9u8OQcVHSE2gPNYB5ygIfGDyEiXQ=",
"lastModified": 1737634991,
"narHash": "sha256-dBAnb7Kbnier30cA7AgxVSxxARmxKZ1vHZT33THSIr8=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "be6771e754345f18244fb00aae5c9e5ab21ccc26",
"rev": "e09dfe2726c8008f983e45a0aa1a3b7416aaeb8a",
"type": "github"
},
"original": {
@ -1715,26 +1573,6 @@
"repo": "xdg-desktop-portal-hyprland",
"type": "github"
}
},
"zen-browser": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1745121923,
"narHash": "sha256-8X9JuDfxAEQlBhB0ARgFj9fbDOlCvPx6AbQ1h2T47/g=",
"owner": "youwen5",
"repo": "zen-browser-flake",
"rev": "02084a38e9dbc4fa17f3474c3e9d43bb7db55799",
"type": "github"
},
"original": {
"owner": "youwen5",
"repo": "zen-browser-flake",
"type": "github"
}
}
},
"root": "root",

192
flake.nix
View File

@ -9,24 +9,12 @@
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixpkgs-nix-du.url = "github:NixOS/nixpkgs/c933cf4698e5189b35dd83bf4d7a81aef16d464a";
nixpkgs-mopidy.url = "github:NixOS/nixpkgs/93ff48c9be84a76319dac293733df09bbbe3f25c";
# this seems to be a popular way to declare systems
systems.url = "github:nix-systems/default";
flake-parts.url = "github:hercules-ci/flake-parts";
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
# this is nice so one-off impure scripts can interact with attributes in
# this flake
flake-compat = {
url = "github:edolstra/flake-compat";
};
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
@ -85,11 +73,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
zen-browser = {
url = "github:youwen5/zen-browser-flake";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
@ -142,8 +125,6 @@
./flake
./lib/nixfiles/module.nix
./pkgs/module.nix
./overlays
inputs.treefmt-nix.flakeModule
];
config = {
@ -153,86 +134,6 @@
# expose vars to nix repl
debug = lib.mkDefault true;
perSystem = {
config,
system,
pkgs,
self',
...
}: {
treefmt = {
programs = {
alejandra.enable = true;
};
};
legacyPackages.specialisedNixosConfigurations = let
attrs = lib.pipe self.nixosConfigurations [
(lib.filterAttrs (n: v: !(builtins.elem n ["iso" "rpi4-x86_64"])))
(lib.filterAttrs (n: v: v.pkgs.system or "" == system))
(lib.mapAttrs' (configName: v: let
nospec =
(v.extendModules {
modules = [
({lib, ...}: {
config.specialisation = lib.mkForce {};
})
];
})
.config;
configs =
(
lib.mapAttrs'
(n: v: lib.nameValuePair "specialisation-${n}" v.configuration)
v.config.specialisation
)
// {inherit nospec;};
in
lib.nameValuePair configName configs))
(
lib.concatMapAttrs (
configName: v:
(
lib.mapAttrs' (
specName: v: lib.nameValuePair "${configName}--${specName}" v
)
)
v
)
)
(lib.mapAttrs (_: v: v.system.build.toplevel))
];
in
attrs;
devShells = {
ci = pkgs.mkShell {
buildInputs = with pkgs; [
jq
nix-update
nix-fast-build
];
};
default = let
formatter =
pkgs.runCommandNoCC "flake-formatter" {
formatter = lib.getExe self'.formatter;
} ''
mkdir -p $out/bin
ln -s "$formatter" "$out/bin/formatter"
'';
in
pkgs.mkShell {
buildInputs = with pkgs; [
alejandra
nix-update
formatter
inputs.agenix.packages.${system}.default
];
};
};
};
nixfiles = {
vars = {
### Configuration
@ -262,32 +163,8 @@
inherit (packages) mopidy-autoplay google-fonts;
atool-wrapped = packages.atool;
};
zen-browser-overlay = final: prev: let
inherit (final) system callPackage;
input = inputs.zen-browser;
packages = input.packages.${system};
sources = builtins.fromJSON (builtins.readFile (input + "/sources.json"));
warnExists = name: value: let
pass =
if prev ? ${name}
then builtins.warn "zen-browser-overlay: Package `${name}` already exists. This overlay is no longer needed and should be removed." value
else value;
in
pass;
in {
zen-browser-bin = callPackage packages.zen-browser.override {};
zen-browser-unwrapped = warnExists "zen-browser-unwrapped" (callPackage packages.zen-browser-unwrapped.override {
inherit (sources.${system}) hash url;
inherit (sources) version;
});
};
in [
# TODO delete this, transfer all packages to new-packages overlay
packagesOverlay
self.overlays.new-packages
# various temporary fixes that automatically revert
self.overlays.mitigations
@ -302,7 +179,6 @@
inputs.rust-overlay.overlays.default
inputs.nixfiles-assets.overlays.default
nix-minecraft-patched-overlay
zen-browser-overlay
];
systems = {
@ -337,6 +213,44 @@
# inputs is already defined
lib = nixpkgs.lib;
systems = ["x86_64-linux" "aarch64-linux"];
overlays = let
nix-minecraft-patched-overlay = let
normal = inputs.nix-minecraft-upstream.overlays.default;
quilt = inputs.nix-minecraft.overlays.default;
in
lib.composeExtensions
normal
(final: prev: let
x = quilt final prev;
in {
inherit (x) quiltServers quilt-server;
minecraftServers = prev.minecraftServers // x.quiltServers;
});
in [
(final: prev: let
packages = import ./pkgs {inherit (prev) pkgs;};
in {
inherit (packages) mopidy-autoplay google-fonts;
atool-wrapped = packages.atool;
})
# various temporary fixes that automatically revert
self.overlays.mitigations
# auto backports from nixpkgs unstable
self.overlays.backports
# modpacks (keeps modpack version in sync between hosts so i can reverse
# proxy create track map because it's broken)
self.overlays.modpacks
inputs.hyprwm-contrib.overlays.default
inputs.rust-overlay.overlays.default
inputs.nixfiles-assets.overlays.default
nix-minecraft-patched-overlay
];
# function to generate packages for each system
eachSystem = lib.genAttrs (import inputs.systems);
@ -346,6 +260,24 @@
};
# }}}
in {
devShells = eachSystem (system: let
pkgs = import nixpkgs-unstable {inherit system;};
in {
ci = pkgs.mkShell {
buildInputs = with pkgs; [
nix-update
nix-fast-build
];
};
default = pkgs.mkShell {
buildInputs = with pkgs; [
alejandra
nix-update
inputs.agenix.packages.${system}.default
];
};
});
# nix flake modules are meant to be portable so we cannot rely on
# (extraS|s)pecialArgs to pass variables
nixosModules = (import ./modules/nixos) moduleInputs;
@ -365,20 +297,12 @@
inherit system;
});
overlays = import ./overlays self;
nixosConfigurations = {
iso = mkISOSystem "x86_64-linux";
}; # end nixosConfigurations
nospec = lib.mapAttrs (n: v:
v.extendModules {
modules = [
(
{lib, ...}: {specialisation = lib.mkForce {};}
)
];
})
config.flake.nixosConfigurations;
homeConfigurations = {
# minimal root config
"root@rpi4" = mkHome {

2
flake/home.nix
View File

@ -1 +1 @@
{...}: {}
{ ... }: { }

2
flake/packages.nix
View File

@ -1,2 +1,2 @@
{...}: {
{ ... }: {
}

26
flake/system.nix
View File

@ -186,25 +186,9 @@ in {
lib,
...
}: let
perUserDefaultsModule = {lib, ...}: {
inheritStateVersionModule = {lib, ...}: {
config = {
# previously, home-manager inherited stateVersion from
# nixos in a really hacky way that depended on the wrapper
# function. this should preserve that behavior in a much
# safer way by directly setting it in a module. ideally, it
# should probably be set manually, but I want to maintain
# backwards compatibility for now.
home.stateVersion = lib.mkDefault config.system.stateVersion;
# pass the system nixpkgs config as defaults for the
# home-manager nixpkgs config. useGlobalPkgs prevents
# setting overlays at the home level; this allows for doing
# that while inheriting the system overlays.
nixpkgs = {
config = lib.mapAttrs (n: v: lib.mkDefault v) config.nixpkgs.config;
# mkOrder 900 is after mkBefore but before default order
overlays = lib.mkOrder 900 config.nixpkgs.overlays;
};
};
};
in {
@ -213,8 +197,14 @@ in {
homeManagerModuleInner
];
# previously, home-manager inherited stateVersion from nixos in
# a really hacky way that depended on the wrapper function.
# this should preserve that behavior in a much safer way by
# directly setting it in a module. ideally, it should probably
# be set manually, but I want to maintain backwards
# compatibility for now
options.home-manager.users = lib.mkOption {
type = with lib.types; attrsOf (submodule perUserDefaultsModule);
type = with lib.types; attrsOf (submodule inheritStateVersionModule);
};
};
in

3
home/common/default.nix
View File

@ -1,4 +1,5 @@
{...}: {
{...}:
{
imports = [
./wm
./nodm.nix

11
home/common/nix.nix
View File

@ -1,12 +1,5 @@
{
pkgs,
lib,
config,
osConfig ? {},
options,
nixpkgs,
...
}: let
{ pkgs, lib, config, osConfig ? { }, options, nixpkgs, ... }:
let
cfg = config.nixfiles.common.nix;
standalone = !(osConfig ? home-manager);
in {

43
home/common/nodm.nix
View File

@ -1,35 +1,28 @@
{
lib,
pkgs,
config,
osConfig ? {},
options,
...
}: let
{ lib, pkgs, config, osConfig ? {}, options, ... }:
let
cfg = config.nixfiles.common.nodm;
in {
in
{
config = let
hyprland = "${config.wayland.windowManager.hyprland.finalPackage}/bin/Hyprland";
tty = "${pkgs.coreutils}/bin/tty";
initCommands = ''
if [[ "$(${tty})" == "/dev/tty1" && -z "''${WAYLAND_DISPLAY:+x}" ]] ; then
${hyprland}
fi
'';
in
lib.mkIf (cfg.enable && config.wayland.windowManager.hyprland.enable) {
# auto start Hyprland on tty1
programs.zsh.initExtra = initCommands;
programs.bash.initExtra = initCommands;
};
hyprland="${config.wayland.windowManager.hyprland.finalPackage}/bin/Hyprland";
tty="${pkgs.coreutils}/bin/tty";
initCommands =
''
if [[ "$(${tty})" == "/dev/tty1" && -z "''${WAYLAND_DISPLAY:+x}" ]] ; then
${hyprland}
fi
'';
in lib.mkIf (cfg.enable && config.wayland.windowManager.hyprland.enable) {
# auto start Hyprland on tty1
programs.zsh.initExtra = initCommands;
programs.bash.initExtra = initCommands;
};
options.nixfiles.common.nodm = {
enable = lib.mkOption {
type = lib.types.bool;
description = "Whether to automatically start a desktop session on TTY1, behaving like a rudimentary display manager.";
default =
osConfig
? systemd
default = osConfig ? systemd
&& config.nixfiles.meta.graphical
&& (!(
(osConfig.systemd.services.display-manager.enable or false)

32
home/common/shell.nix
View File

@ -1,9 +1,5 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
inherit (lib) mkOption mkEnableOption mkIf mkDefault;
cfg = config.nixfiles.common.shell;
@ -12,13 +8,12 @@
history | sed 's:^ \+[0-9]\+ \+::' | grep '^,' | cut -d' ' -f2- | sed 's:^\(-[^ ]\+ \?\)\+::g' | grep . | cut -d' ' -f1 | sort | uniq -c | sort -g
}
'';
in {
in
{
options.nixfiles.common.shell = {
enable =
lib.mkEnableOption ""
// {
description = "Whether to enable the nixfiles shell configuration.";
};
enable = lib.mkEnableOption "" // {
description = "Whether to enable the nixfiles shell configuration.";
};
};
config = mkIf cfg.enable {
@ -48,13 +43,11 @@ in {
};
programs.zsh = {
enable = mkDefault true;
initExtra =
''
export HOME_MANAGER_MANAGED=true
[[ -e ~/dotfiles/shell/.zshrc ]] && . ~/dotfiles/shell/.zshrc ]]
unset HOME_MANAGER_MANAGED
''
+ common_functions "zsh";
initExtra = ''
export HOME_MANAGER_MANAGED=true
[[ -e ~/dotfiles/shell/.zshrc ]] && . ~/dotfiles/shell/.zshrc ]]
unset HOME_MANAGER_MANAGED
'' + common_functions "zsh";
oh-my-zsh = {
enable = mkDefault true;
theme = "robbyrussell";
@ -66,5 +59,6 @@ in {
];
};
};
};
}

68
home/common/theme.nix
View File

@ -1,51 +1,35 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
cfg = config.nixfiles.theming;
mkDefaultStylix = lib.mkOverride 999;
toCaps = s:
with lib.strings;
with builtins;
(toUpper (substring 0 1 s)) + toLower (substring 1 ((stringLength s) - 1) s);
toCaps = s: with lib.strings; with builtins;
(toUpper (substring 0 1 s)) + toLower (substring 1 ((stringLength s)-1) s);
inherit (lib.strings) toUpper toLower;
mkCtp = flavor: accent:
with pkgs; {
names = {
cursors = "catppuccin-${toLower flavor}-${toLower accent}-cursors";
icons = "Papirus-Dark";
gtk = let
base = "Catppuccin-${toCaps flavor}-Standard-${toCaps accent}-Dark";
in {
normal = "${base}";
hdpi = "${base}-hdpi";
xhdpi = "${base}-xhdpi";
};
};
packages = {
cursors = catppuccin-cursors."${toLower flavor}${toCaps accent}";
kvantum = catppuccin-kvantum.override {
variant = toLower flavor;
accent = toLower accent;
};
icons = catppuccin-papirus-folders.override {
flavor = toLower flavor;
accent = toLower accent;
};
gtk = catppuccin-gtk.override {
variant = toLower flavor;
accents = [(toLower accent)];
};
mkCtp = flavor: accent: with pkgs; {
names = {
cursors = "catppuccin-${toLower flavor}-${toLower accent}-cursors";
icons = "Papirus-Dark";
gtk = let
base = "Catppuccin-${toCaps flavor}-Standard-${toCaps accent}-Dark";
in {
normal = "${base}";
hdpi = "${base}-hdpi";
xhdpi = "${base}-xhdpi";
};
};
packages = {
cursors = catppuccin-cursors."${toLower flavor}${toCaps accent}";
kvantum = catppuccin-kvantum.override { variant = toLower flavor; accent = toLower accent; };
icons = catppuccin-papirus-folders.override { flavor = toLower flavor; accent = toLower accent; };
gtk = catppuccin-gtk.override { variant = toLower flavor; accents = [ (toLower accent) ]; };
};
};
ctp = with cfg.catppuccin; mkCtp flavor accent;
in {
options.nixfiles.theming = {
options.nixfiles.theming = {
enable = lib.mkEnableOption "nixfiles theming options";
catppuccin = {
@ -70,11 +54,9 @@ in {
config = lib.mkIf cfg.enable {
fonts.fontconfig.enable = lib.mkDefault true;
home.packages = with pkgs;
[
ubuntu_font_family
]
++ lib.mapAttrsToList (k: v: v) ctp.packages;
home.packages = with pkgs; [
ubuntu_font_family
] ++ lib.mapAttrsToList (k: v: v) ctp.packages;
gtk = {
enable = true;

45
home/common/wm/default.nix
View File

@ -1,22 +1,17 @@
{
pkgs,
lib,
config,
osConfig ? {},
options,
...
}: let
{ pkgs, lib, config, osConfig ? {}, options, ...}:
let
cfg = config.nixfiles.common.wm;
inherit (lib) mkDefault;
mkOverrideEach = pri: lib.mapAttrs (_:v: lib.mkOverride pri v);
in {
in
{
options.nixfiles.common.wm = {
enable = lib.mkEnableOption "common window manager config";
autostart = lib.mkOption {
description = "List of window manager agnostic commnads to run at window manager startup";
type = lib.types.listOf lib.types.str;
default = [];
example = ["steam -silent"];
default = [ ];
example = [ "steam -silent" ];
};
};
@ -56,14 +51,8 @@ in {
nwg-displays
# very consistent (ok it's actually a little better now)
(catppuccin-papirus-folders.override {
accent = "mauve";
flavor = "mocha";
})
(pkgs.catppuccin-kvantum.override {
accent = "mauve";
variant = "mocha";
})
(catppuccin-papirus-folders.override {accent = "mauve"; flavor = "mocha"; })
(pkgs.catppuccin-kvantum.override {accent = "mauve"; variant = "mocha"; })
catppuccin-cursors.mochaMauve
arc-theme
@ -84,19 +73,19 @@ in {
};
};
# File associations
xdg.mimeApps = {
enable = true;
defaultApplications = let
defaultBrowser = ["firefox.desktop"];
in
mkOverrideEach 50 {
"x-scheme-handler/https" = defaultBrowser;
"x-scheme-handler/http" = defaultBrowser;
"text/html" = defaultBrowser;
"application/xhtml+xml" = defaultBrowser;
"application/pdf" = defaultBrowser;
};
defaultBrowser = [ "firefox.desktop" ];
in mkOverrideEach 50 {
"x-scheme-handler/https" = defaultBrowser;
"x-scheme-handler/http" = defaultBrowser;
"text/html" = defaultBrowser;
"application/xhtml+xml" = defaultBrowser;
"application/pdf" = defaultBrowser;
};
};
# this makes xdg.mimeApps overwrite mimeapps.list if it has been touched by something else
xdg.configFile."mimeapps.list" = {

14
home/common/wm/keybinds.nix
View File

@ -1,16 +1,12 @@
{
pkgs,
config,
lib,
outputs,
...
}: let
{ pkgs, config, lib, outputs, ... }:
let
df = lib.mkDefault;
mkxf = with lib; mapAttrs' (name: value: nameValuePair ("XF86" + name) value);
mkxf = with lib; mapAttrs' (name: value: nameValuePair ("XF86" + name) (value));
# not rewriting this rn
keysetting = "${outputs.packages.${pkgs.system}.wm-helpers}/bin/keysetting";
in {
in
{
options.nixfiles.common.wm = {
keybinds = lib.mkOption {
description = ''

22
home/default.nix
View File

@ -1,18 +1,10 @@
{
pkgs,
config,
lib,
options,
osConfig ? {},
nixpkgs,
home-manager,
inputs,
...
} @ args: let
{ pkgs, config, lib, options, osConfig ? { }, nixpkgs, home-manager, inputs, ... }@args:
let
isStandalone = osConfig ? home-manager;
cfg = config.nixfiles;
flakeType = cfg.lib.types.flake;
in {
in
{
imports = [
./common
./package-sets
@ -33,7 +25,7 @@ in {
lib = lib.mkOption {
description = "nixfiles library";
default = (import ../lib/nixfiles) {inherit pkgs;};
default = (import ../lib/nixfiles) { inherit pkgs; };
readOnly = true;
};
@ -61,13 +53,13 @@ in {
meta.graphical = lib.mkOption {
description = "Whether to enable graphical home-manager applications";
type = lib.types.bool;
default = osConfig ? services && osConfig.services.xserver.enable;
default = (osConfig ? services && osConfig.services.xserver.enable);
example = true;
};
meta.wayland = lib.mkOption {
description = "Whether to prefer wayland packages and configuration";
type = lib.types.bool;
default = (lib.hasAttrByPath ["nixfiles" "meta" "wayland"] osConfig) && osConfig.nixfiles.meta.wayland;
default = (lib.hasAttrByPath [ "nixfiles" "meta" "wayland" ] osConfig) && osConfig.nixfiles.meta.wayland;
example = true;
};

60
home/package-sets/communication.nix
View File

@ -1,12 +1,10 @@
{
pkgs,
lib,
config,
osConfig ? {},
inputs,
...
}: let
{ pkgs, lib, config, osConfig ? {}, inputs, ... }:
let
cfg = config.nixfiles.packageSets.communication;
rustdesk-pkg = if (lib.strings.hasInfix "23.11" lib.version) then
inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.rustdesk-flutter
else
pkgs.rustdesk-flutter;
vesktop-ozone-cmd = let
extraFlags = lib.optionalString config.nixfiles.workarounds.nvidiaPrimary " --disable-gpu";
@ -19,21 +17,23 @@
done
exec "$@"
'';
in {
in
{
options.nixfiles.packageSets.communication = {
enable = lib.mkEnableOption "communication package set";
};
config = lib.mkIf cfg.enable {
xdg.desktopEntries.vesktop = lib.mkIf config.nixfiles.meta.graphical {
categories = ["Network" "InstantMessaging" "Chat"];
exec = vesktop-ozone-cmd + " %U";
genericName = "Internet Messenger";
icon = "vesktop";
name = "Vesktop";
type = "Application";
categories= ["Network" "InstantMessaging" "Chat"];
exec=vesktop-ozone-cmd + " %U";
genericName="Internet Messenger";
icon="vesktop";
name="Vesktop";
type="Application";
settings = {
StartupWMClass = "Vesktop";
Keywords = "discord;vencord;electron;chat";
StartupWMClass="Vesktop";
Keywords="discord;vencord;electron;chat";
};
};
@ -41,19 +41,17 @@ in {
(waitNet + " " + vesktop-ozone-cmd + " --start-minimized")
];
home.packages = with pkgs;
lib.optionals config.nixfiles.meta.graphical [
element-desktop
telegram-desktop
signal-desktop
thunderbird
vesktop
rustdesk-flutter
tor-browser
onionshare
]
++ [
irssi
];
home.packages = with pkgs; lib.optionals config.nixfiles.meta.graphical [
element-desktop
telegram-desktop
signal-desktop
thunderbird
vesktop
rustdesk-pkg
tor-browser
onionshare
] ++ [
irssi
];
};
}

3
home/package-sets/default.nix
View File

@ -1,4 +1,5 @@
{...}: {
{...}:
{
imports = [
./communication.nix
./dev.nix

12
home/package-sets/dev.nix
View File

@ -1,12 +1,8 @@
{
pkgs,
lib,
config,
osConfig ? {},
...
}: let
{ pkgs, lib, config, osConfig ? {}, ... }:
let
cfg = config.nixfiles.packageSets.dev;
in {
in
{
options.nixfiles.packageSets.dev = {
enable = lib.mkEnableOption "development package set";
};

38
home/package-sets/gaming.nix
View File

@ -1,35 +1,27 @@
{
config,
osConfig ? {},
lib,
pkgs,
...
}: let
{ config, osConfig ? { }, lib, pkgs, ... }:
let
cfg = config.nixfiles.packageSets.gaming;
default = osConfig.nixfiles.packageSets.gaming.enable or false;
in {
in
{
config = lib.mkIf cfg.enable {
nixpkgs.overlays = let
in
lib.mkAfter [];
in lib.mkAfter [ ];
nixfiles.common.wm.autostart = [
"steam -silent"
];
home.packages = with pkgs;
[
ludusavi
rclone # needed to sync ludusavi
protontricks
]
++ lib.optionals cfg.enableLaunchers [
steam
prismlauncher
heroic
legendary-gl
lucem
];
home.packages = with pkgs; [
ludusavi
rclone # needed to sync ludusavi
protontricks
] ++ lib.optionals cfg.enableLaunchers [
steam
prismlauncher
heroic
legendary-gl
];
};
options.nixfiles.packageSets.gaming = {
enable = lib.mkOption {

70
home/package-sets/multimedia.nix
View File

@ -1,15 +1,11 @@
{
config,
lib,
pkgs,
osConfig ? {},
...
}: let
{ config, lib, pkgs, osConfig ? { }, ...}:
let
cfg = config.nixfiles.packageSets.multimedia;
inherit (lib) optionals mkEnableOption mkIf;
default = osConfig ? nixfiles && osConfig.nixfiles.packageSets.multimedia.enable;
mkOverrideEach = pri: lib.mapAttrs (_:v: lib.mkOverride pri v);
in {
in
{
options.nixfiles.packageSets.multimedia = {
enable = lib.mkOption {
description = "Whether to enable multimedia packages";
@ -20,43 +16,41 @@ in {
};
config = mkIf cfg.enable {
home.packages = with pkgs;
optionals config.nixfiles.meta.graphical [
mpv
gimp
krita
inkscape
obs-studio
nomacs
audacity
picard
spicetify-cli
(kodi.withPackages (_: [])) # this is required to get python libs
]
++ [
yt-dlp
gallery-dl
imagemagick
pngquant
ffmpeg
gifski
];
home.packages = with pkgs; optionals config.nixfiles.meta.graphical [
mpv
gimp
krita
inkscape
obs-studio
nomacs
audacity
picard
spicetify-cli
(kodi.withPackages (_: [])) # this is required to get python libs
] ++ [
yt-dlp
gallery-dl
imagemagick
pngquant
ffmpeg
gifski
];
xdg.mimeApps.defaultApplications = lib.mkMerge [
# project files
(mkOverrideEach 100 {
"image/x-xcf" = ["gimp.desktop"];
"image/x-compressed-xcf" = ["gimp.desktop"];
"image/x-krita" = ["krita.desktop"];
"application/x-audacity-project" = ["audacity.desktop"];
"application/x-audacity-project+sqlite3" = ["audacity.desktop"];
"image/svg+xml" = ["org.inkscape.Inkscape.desktop"];
"image/svg+xml-compressed" = ["org.inkscape.Inkscape.desktop"];
"image/x-xcf" = [ "gimp.desktop" ];
"image/x-compressed-xcf" = [ "gimp.desktop" ];
"image/x-krita" = [ "krita.desktop" ];
"application/x-audacity-project" = [ "audacity.desktop" ];
"application/x-audacity-project+sqlite3" = [ "audacity.desktop" ];
"image/svg+xml" = [ "org.inkscape.Inkscape.desktop" ];
"image/svg+xml-compressed" = [ "org.inkscape.Inkscape.desktop" ];
})
# general files
(with pkgs; mkOverrideEach 150 (config.lib.xdg.mimeAssociations [nomacs mpv]))
(with pkgs; mkOverrideEach 150 (config.lib.xdg.mimeAssociations [ nomacs mpv ]))
# rest of the files
(with pkgs; mkOverrideEach 200 (config.lib.xdg.mimeAssociations [inkscape gimp audacity]))
(with pkgs; mkOverrideEach 200 (config.lib.xdg.mimeAssociations [ inkscape gimp audacity ]))
];
};
}

54
home/package-sets/productivity.nix
View File

@ -1,39 +1,33 @@
{
pkgs,
lib,
config,
...
}: let
{ pkgs, lib, config, ... }:
let
cfg = config.nixfiles.packageSets.productivity;
inherit (lib) optionals;
in {
in
{
config = lib.mkIf cfg.enable {
home.packages = with pkgs;
optionals config.nixfiles.meta.graphical [
libreoffice-fresh
obsidian
anki
zen-browser-bin
home.packages = with pkgs; optionals config.nixfiles.meta.graphical [
libreoffice-fresh
obsidian
anki
# mapping/GIS
qgis
josm
]
++ [
pandoc
];
# mapping/GIS
qgis
josm
] ++ [
pandoc
];
xdg.desktopEntries.obsidian = lib.mkIf config.nixfiles.meta.graphical {
categories = ["Office"];
comment = "Knowledge base";
exec = let
extraFlags = with lib.strings;
optionalString config.nixfiles.workarounds.nvidiaPrimary " --disable-gpu";
in "env NIXOS_OZONE_WL=1 obsidian${extraFlags} %u";
icon = "obsidian";
mimeType = ["x-scheme-handler/obsidian"];
name = "Obsidian";
type = "Application";
categories = [ "Office" ];
comment = "Knowledge base";
exec = let
extraFlags = with lib.strings;
optionalString config.nixfiles.workarounds.nvidiaPrimary " --disable-gpu";
in "env NIXOS_OZONE_WL=1 obsidian${extraFlags} %u";
icon = "obsidian";
mimeType = [ "x-scheme-handler/obsidian" ];
name = "Obsidian";
type = "Application";
};
};

191
home/profile/base.nix
View File

@ -1,12 +1,8 @@
{
lib,
pkgs,
config,
osConfig ? {},
...
}: let
{ lib, pkgs, config, osConfig ? { }, ... }:
let
cfg = config.nixfiles.profile.base;
in {
in
{
# imports = [
# ./comma.nix
# ];
@ -35,34 +31,10 @@ in {
"${config.home.profileDirectory}/share/terminfo"
"/usr/share/terminfo"
];
in
builtins.concatStringsSep ":" terminfo-dirs;
in builtins.concatStringsSep ":" terminfo-dirs;
})
];
programs.git = {
enable = lib.mkDefault true;
maintenance.enable = lib.mkDefault true;
# default value is stateVersion dependent, doesn't evaluate after 25.05
# even if signing isn't configured for some reason
signing.format = lib.mkDefault "openpgp";
};
# this allows `git config --global` commands to work by ensuring the
# presense of ~/.gitconfig. git will read from both files, and `git config`
# will not write to ~/.gitconfig when the managed config exists unless
# ~/.gitconfig also exists
home.activation.git-create-gitconfig =
lib.mkIf config.programs.git.enable
(lib.hm.dag.entryAfter ["writeBoundary"] ''
_nixfiles_git_create_gitconfig () {
if ! [[ -a "$HOME/.gitconfig" ]] ; then
touch "$HOME/.gitconfig"
fi
}
run _nixfiles_git_create_gitconfig
'');
programs.btop.enable = lib.mkDefault true;
programs.ranger = let
@ -70,18 +42,16 @@ in {
# defaultTerminal =
# if config.programs.kitty.enable then "kitty"
# else null;
in {
enable = lib.mkDefault true;
settings = lib.mkMerge [
{
use_preview_script = lib.mkDefault true;
preview_files = lib.mkDefault true;
}
(lib.mkIf (!(isNull defaultTerminal)) {
preview_images = lib.mkDefault true;
preview_images_method = lib.mkDefault defaultTerminal;
})
];
settings = lib.mkMerge [{
use_preview_script = lib.mkDefault true;
preview_files = lib.mkDefault true;
} (lib.mkIf (!(isNull defaultTerminal)) {
preview_images = lib.mkDefault true;
preview_images_method = lib.mkDefault defaultTerminal;
})];
};
programs.keychain = {
@ -91,8 +61,7 @@ in {
extraFlags = [
"--quiet"
"--systemd"
"--inherit"
"any-once"
"--inherit" "any-once"
"--noask"
];
};
@ -109,79 +78,77 @@ in {
neofetch-hyfetch-shim = writeShellScriptBin "neofetch" ''
exec "${pkgs.hyfetch}/bin/neowofetch" "$@"
'';
in
[
# nix stuff
nvd
nix-tree
nh
nix-output-monitor
attic-client
nix-fast-build
in [
# nix stuff
nvd
nix-tree
nh
nix-output-monitor
attic-client
nix-fast-build
git
git-lfs
stow
curl
git
git-lfs
stow
curl
# shell
ripgrep
fd
bat
moreutils
grc
fzf
pv
jq
lsof
xxd
shellcheck
# shell
ripgrep
fd
bat
moreutils
grc
fzf
pv
jq
lsof
xxd
shellcheck
# for icat on all systems
kitty.kitten
# for icat on all systems
kitty.kitten
# pretty
hyfetch
neofetch-hyfetch-shim
fastfetch
# pretty
hyfetch
neofetch-hyfetch-shim
fastfetch
# files
restic
rclone
rmlint
ncdu
# files
restic
rclone
rmlint
ncdu
# compression
atool-wrapped
lzip
plzip
lzop
xz
zip
unzip
arj
rpm
cpio
p7zip
# compression
atool-wrapped
lzip
plzip
lzop
xz
zip
unzip
arj
rpm
cpio
p7zip
# other utilities
tmux
tmuxp
openssh
autossh
mosh
btop
htop
zoxide
asciinema
mtr
]
++ builtins.map (x: lib.hiPrio x) [
# terminfo (just the ones i'm likely to use)
kitty.terminfo
alacritty.terminfo
termite.terminfo
tmux.terminfo
];
# other utilities
tmux
tmuxp
openssh
autossh
mosh
btop
htop
zoxide
asciinema
mtr
] ++ builtins.map (x: lib.hiPrio x) [
# terminfo (just the ones i'm likely to use)
kitty.terminfo
alacritty.terminfo
termite.terminfo
tmux.terminfo
];
};
}

3
home/profile/default.nix
View File

@ -1,4 +1,5 @@
{...}: {
{...}:
{
imports = [
./base.nix
./pc.nix

12
home/profile/pc.nix
View File

@ -1,13 +1,9 @@
{
pkgs,
config,
osConfig ? {},
lib,
...
}: let
{ pkgs, config, osConfig ? {}, lib, ...}:
let
cfg = config.nixfiles.profile.pc;
default = osConfig ? nixfiles && osConfig.nixfiles.profile.pc.enable;
in {
in
{
options.nixfiles.profile.pc.enable = lib.mkOption {
description = "Whether to enable the personal computer profile";
type = lib.types.bool;

19
home/programs/comma.nix
View File

@ -1,12 +1,8 @@
{
lib,
pkgs,
config,
inputs,
...
} @ args: let
{ lib, pkgs, config, inputs, ... } @args:
let
cfg = config.nixfiles.programs.comma;
in {
in
{
imports = [
inputs.nix-index-database.hmModules.nix-index
];
@ -17,9 +13,8 @@ in {
config = {
programs.nix-index.symlinkToCacheHome = lib.mkDefault cfg.enable;
home.packages = with pkgs;
lib.optionals cfg.enable [
comma
];
home.packages = with pkgs; lib.optionals cfg.enable [
comma
];
};
}

3
home/programs/default.nix
View File

@ -1,4 +1,5 @@
{...}: {
{...}:
{
imports = [
./comma.nix
./mopidy.nix

8
home/programs/dunst.nix
View File

@ -1,9 +1,5 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
cfg = config.nixfiles.programs.dunst;
mkd = lib.mkDefault;
in {

29
home/programs/hypridle.nix
View File

@ -1,25 +1,21 @@
{
pkgs,
config,
lib,
...
}: let
{ pkgs, config, lib, ... }:
let
cfg = config.nixfiles.services.hypridle;
inherit (lib.types) str int;
in {
in
{
options.nixfiles.services.hypridle = {
enable = lib.mkEnableOption "the hypridle configuration";
timeouts = let
mkTimeout = timeout: desc:
lib.mkOption {
description = "${desc}";
type = int;
default = timeout;
};
mkTimeout = timeout: desc: lib.mkOption {
description = "${desc}";
type = int;
default = timeout;
};
in {
dpms = mkTimeout 300 "DPMS timeout";
lock = mkTimeout 360 "Lock timeout";
locked-dpms = mkTimeout 10 "DPMS timeout while locked";
dpms = mkTimeout (300) "DPMS timeout";
lock = mkTimeout (360) "Lock timeout";
locked-dpms = mkTimeout (10) "DPMS timeout while locked";
};
commands = {
dpms-off = lib.mkOption {
@ -61,6 +57,7 @@ in {
lock-dpms = pkgs.writeShellScript "lock-dpms" ''
${pkgs.procps}/bin/pgrep -x swaylock > /dev/null && "${dpms-wrapped}"
'';
in [
{
timeout = cfg.timeouts.dpms;

15
home/programs/mopidy.nix
View File

@ -1,13 +1,8 @@
{
lib,
pkgs,
config,
outputs,
osConfig ? {},
...
}: let
{ lib, pkgs, config, outputs, osConfig ? {}, ... }:
let
cfg = config.nixfiles.programs.mopidy;
in {
in
{
options.nixfiles.programs.mopidy = {
enable = lib.mkEnableOption "mopidy configuration";
};
@ -43,7 +38,7 @@ in {
];
};
home.packages = with pkgs; [
(ncmpcpp.override {visualizerSupport = true;})
(ncmpcpp.override { visualizerSupport = true; })
];
};
}

12
home/programs/neovim.nix
View File

@ -1,11 +1,8 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
cfg = config.nixfiles.programs.neovim;
in {
in
{
options.nixfiles.programs.neovim.enable = lib.mkEnableOption "the Neovim configuration";
config = lib.mkIf cfg.enable {
programs.neovim = {
@ -18,7 +15,6 @@ in {
rust-analyzer
vscode-langservers-extracted
pyright
gcc
];
};
};

8
home/root.nix
View File

@ -1,12 +1,8 @@
# Configuration for root user.
# TODO this file is sorta an exception to my repo organization, it should
# probably be somewhere else.
{
config,
lib,
pkgs,
...
} @ args: {
{ config, lib, pkgs, ... }@args:
{
imports = [
./.
];

3
home/sessions/default.nix
View File

@ -1,4 +1,5 @@
{...}: {
{...}:
{
imports = [
./hyprland
./plasma.nix

235
home/sessions/hyprland/default.nix
View File

@ -1,12 +1,5 @@
{
lib,
pkgs,
config,
osConfig ? {},
outputs,
inputs,
...
} @ args: let
{ lib, pkgs, config, osConfig ? {}, outputs, inputs, ... }@args:
let
cfg = config.nixfiles.sessions.hyprland;
mkd = lib.mkDefault;
hyprland-pkg = config.wayland.windowManager.hyprland.finalPackage;
@ -19,7 +12,7 @@
rofi = "${pkgs.rofi-wayland}/bin/rofi";
notifydaemon = "${pkgs.dunst}/bin/dunst";
brightnessctl = "${pkgs.brightnessctl}/bin/brightnessctl";
polkit-agent = "${pkgs.kdePackages.polkit-kde-agent-1}/libexec/polkit-kde-authentication-agent-1";
polkit-agent = "${pkgs.polkit-kde-agent}/libexec/polkit-kde-authentication-agent-1";
grimblast = "${inputs.hyprwm-contrib.packages.${pkgs.system}.grimblast}/bin/grimblast";
swayidle = "${pkgs.swayidle}/bin/swayidle";
swaylock = "${config.programs.swaylock.package}/bin/swaylock";
@ -31,15 +24,13 @@
lock-cmd = "${swaylock}";
mkKittyHdrop = name: command: let
class =
if builtins.isNull (builtins.match "[[:alnum:]_]+" name)
then throw "mkKittyHdrop: window name should be an alphanumeric string"
else "kitty-${name}";
class = if builtins.isNull (builtins.match "[[:alnum:]_]+" name) then throw "mkKittyHdrop: window name should be an alphanumeric string" else "kitty-${name}";
wrappedCommand = pkgs.writeShellScript "hdrop-${name}" ''
exec bash -c ${lib.escapeShellArg command}
'';
in "hdrop -f -c ${class} 'kitty --class=${class} ${wrappedCommand}'";
# lock-cmd = let
# cmd = pkgs.writeShellScript "lock-script" ''
# ${swayidle} -w timeout 10 '${hyprctl} dispatch dpms off' resume '${hyprctl} dispatch dpms on' &
@ -57,7 +48,7 @@
resume 'hyprctl dispatch dpms on'
'';
hypr-dispatcher-package = pkgs.callPackage ./dispatcher {hyprland = hyprland-pkg;};
hypr-dispatcher-package = pkgs.callPackage ./dispatcher { hyprland = hyprland-pkg; };
hypr-dispatcher = "${hypr-dispatcher-package}/bin/hypr-dispatcher";
wallpaper-package = "${pkgs.nixfiles-assets}";
@ -65,8 +56,7 @@
wallpaper-cmd = "${swaybg} -i ${wallpaper-package}/share/wallpapers/${wallpaper}";
# https://github.com/flatpak/xdg-desktop-portal-gtk/issues/440#issuecomment-1900520919
xdpg-workaround =
pkgs.writeShellScript "xdg-desktop-portal-gtk-workaround"
xdpg-workaround = pkgs.writeShellScript "xdg-desktop-portal-gtk-workaround"
''
${pkgs.coreutils}/bin/sleep 3
${pkgs.systemd}/bin/systemctl --user import-environment PATH
@ -75,20 +65,19 @@
bar-cmd = "${pkgs.waybar}/bin/waybar";
# Hyprland workspace configuration
mainWorkspaces = builtins.genList (x: x + 1) (9 ++ [0]);
mainWorkspaces = builtins.genList (x: x+1) (9 ++ [0]);
workspaceName = key: let
inherit (builtins) hasAttr;
keyNames = {
"0" = "10";
};
in
if hasAttr key keyNames
then keyNames."${key}"
else key;
if hasAttr key keyNames then keyNames."${key}" else key;
inherit (outputs.packages.${pkgs.system}) wm-helpers;
keysetting = "${wm-helpers}/bin/keysetting";
in {
in
{
# FIXME this is temporary just to get it working, need to make wm-common an
# option first
# imports = [
@ -99,10 +88,7 @@ in {
enable = lib.mkOption {
description = "Whether to enable hyprland.";
type = lib.types.bool;
default =
if (builtins.hasAttr "home-manager" osConfig)
then osConfig.nixfiles.sessions.hyprland.enable
else false;
default = if (builtins.hasAttr "home-manager" osConfig) then osConfig.nixfiles.sessions.hyprland.enable else false;
example = true;
};
@ -126,7 +112,7 @@ in {
nixfiles.common.wm.enable = true;
home.packages = with pkgs; [
kitty
kdePackages.dolphin
dolphin
rofi-wayland
wev
dunst
@ -147,6 +133,7 @@ in {
enable = true;
package = lib.mkIf (osConfig ? programs) (lib.mkDefault osConfig.programs.hyprland.package);
settings = {
# enable debug logging
debug.disable_logs = mkd false;
@ -163,17 +150,15 @@ in {
exec-once = let
wrapScope = cmd: "systemd-run --user --scope -- ${cmd}";
in
(lib.optional cfg.autolock lock-cmd)
++ (map wrapScope config.nixfiles.common.wm.autostart)
++ [
wallpaper-cmd
notifydaemon
polkit-agent
idle-cmd
xdpg-workaround
bar-cmd
];
in (lib.optional cfg.autolock lock-cmd) ++ (map wrapScope config.nixfiles.common.wm.autostart) ++
[
wallpaper-cmd
notifydaemon
polkit-agent
idle-cmd
xdpg-workaround
bar-cmd
];
# Source a file (multi-file configs)
# source = ~/.config/hypr/myColors.conf
@ -181,13 +166,14 @@ in {
# Some default env vars.
# env = mkd "XCURSOR_SIZE,24";
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
input = {
kb_layout = mkd "us";
# kb_variant =
# kb_model =
# kb_options =
# kb_rules =
# kb_variant =
# kb_model =
# kb_options =
# kb_rules =
kb_options = [
"compose:ralt"
];
@ -254,18 +240,18 @@ in {
};
master = {
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
# new_is_master = mkd "true";
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
# new_is_master = mkd "true";
};
gestures = {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
workspace_swipe = mkd "false";
# See https://wiki.hyprland.org/Configuring/Variables/ for more
workspace_swipe = mkd "false";
};
misc = {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
force_default_wallpaper = mkd 0; # Set to 0 to disable the anime mascot wallpapers
# See https://wiki.hyprland.org/Configuring/Variables/ for more
force_default_wallpaper = mkd 0; # Set to 0 to disable the anime mascot wallpapers
};
"$mod" = mkd "SUPER";
@ -277,98 +263,95 @@ in {
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind =
[
"$mod, Q, exec, ${terminal}"
"$mod, Return, exec, ${terminal}"
"$mod, C, killactive, "
"$mod, M, exit, "
"$mod, E, exec, ${files}"
"$mod, V, togglefloating, "
# run rofi in scope to help oomd not kill everything
"$mod, R, exec, systemd-run --user --scope -- ${rofi} -show drun"
"$mod, P, pseudo," # dwindle"
"$mod, O, togglesplit," # dwindle"
bind = [
"$mod, Q, exec, ${terminal}"
"$mod, Return, exec, ${terminal}"
"$mod, C, killactive, "
"$mod, M, exit, "
"$mod, E, exec, ${files}"
"$mod, V, togglefloating, "
# run rofi in scope to help oomd not kill everything
"$mod, R, exec, systemd-run --user --scope -- ${rofi} -show drun"
"$mod, P, pseudo," # dwindle"
"$mod, O, togglesplit," # dwindle"
"$mod, f, fullscreen"
"$mod SHIFT, f, fullscreenstate, -1 2"
"$mod CTRL, f, fullscreen, 1"
"$mod, f, fullscreen"
"$mod SHIFT, f, fullscreenstate, -1 2"
"$mod CTRL, f, fullscreen, 1"
# Move focus with mod + arrow keys
"$mod, left, movefocus, l"
"$mod, right, movefocus, r"
"$mod, up, movefocus, u"
"$mod, down, movefocus, d"
# Move focus with mod + arrow keys
"$mod, left, movefocus, l"
"$mod, right, movefocus, r"
"$mod, up, movefocus, u"
"$mod, down, movefocus, d"
"$mod, h, movefocus, l"
"$mod, j, movefocus, d"
"$mod, k, movefocus, u"
"$mod, l, movefocus, r"
"$mod, h, movefocus, l"
"$mod, j, movefocus, d"
"$mod, k, movefocus, u"
"$mod, l, movefocus, r"
"$mod SHIFT, h, swapwindow, l"
"$mod SHIFT, j, swapwindow, d"
"$mod SHIFT, k, swapwindow, u"
"$mod SHIFT, l, swapwindow, r"
"$mod SHIFT, h, swapwindow, l"
"$mod SHIFT, j, swapwindow, d"
"$mod SHIFT, k, swapwindow, u"
"$mod SHIFT, l, swapwindow, r"
# Switch workspaces with mod + [0-9]
"$mod, 1, workspace, 1"
"$mod, 2, workspace, 2"
"$mod, 3, workspace, 3"
"$mod, 4, workspace, 4"
"$mod, 5, workspace, 5"
"$mod, 6, workspace, 6"
"$mod, 7, workspace, 7"
"$mod, 8, workspace, 8"
"$mod, 9, workspace, 9"
"$mod, 0, workspace, 10"
#] ++ map () [] ++ TODO reconfigure these with workspace helper function
#[
# Move active window to a workspace with mod + SHIFT + [0-9]
"$mod SHIFT, 1, movetoworkspace, 1"
"$mod SHIFT, 2, movetoworkspace, 2"
"$mod SHIFT, 3, movetoworkspace, 3"
"$mod SHIFT, 4, movetoworkspace, 4"
"$mod SHIFT, 5, movetoworkspace, 5"
"$mod SHIFT, 6, movetoworkspace, 6"
"$mod SHIFT, 7, movetoworkspace, 7"
"$mod SHIFT, 8, movetoworkspace, 8"
"$mod SHIFT, 9, movetoworkspace, 9"
"$mod SHIFT, 0, movetoworkspace, 10"
# Switch workspaces with mod + [0-9]
"$mod, 1, workspace, 1"
"$mod, 2, workspace, 2"
"$mod, 3, workspace, 3"
"$mod, 4, workspace, 4"
"$mod, 5, workspace, 5"
"$mod, 6, workspace, 6"
"$mod, 7, workspace, 7"
"$mod, 8, workspace, 8"
"$mod, 9, workspace, 9"
"$mod, 0, workspace, 10"
#] ++ map () [] ++ TODO reconfigure these with workspace helper function
#[
# Move active window to a workspace with mod + SHIFT + [0-9]
"$mod SHIFT, 1, movetoworkspace, 1"
"$mod SHIFT, 2, movetoworkspace, 2"
"$mod SHIFT, 3, movetoworkspace, 3"
"$mod SHIFT, 4, movetoworkspace, 4"
"$mod SHIFT, 5, movetoworkspace, 5"
"$mod SHIFT, 6, movetoworkspace, 6"
"$mod SHIFT, 7, movetoworkspace, 7"
"$mod SHIFT, 8, movetoworkspace, 8"
"$mod SHIFT, 9, movetoworkspace, 9"
"$mod SHIFT, 0, movetoworkspace, 10"
# TODO find a different keybind for this because damn you muscle memory
# # Example special workspace (scratchpad)
# "$mod, S, togglespecialworkspace, magic"
# "$mod SHIFT, S, movetoworkspace, special:magic"
"$mod SHIFT, S, exec, ${grimblast} copy area"
"$mod CONTROL SHIFT, S, exec, ${grimblast} copy output"
",Print, exec, ${grimblast} copy output"
# TODO find a different keybind for this because damn you muscle memory
# # Example special workspace (scratchpad)
# "$mod, S, togglespecialworkspace, magic"
# "$mod SHIFT, S, movetoworkspace, special:magic"
"$mod SHIFT, S, exec, ${grimblast} copy area"
"$mod CONTROL SHIFT, S, exec, ${grimblast} copy output"
",Print, exec, ${grimblast} copy output"
# lock screen
"$mod SHIFT, x, exec, ${lock-cmd}"
# lock screen
"$mod SHIFT, x, exec, ${lock-cmd}"
# volume mixer
"$mod CTRL, v, exec, ${mkKittyHdrop "pulsemixer" "pulsemixer"}"
# volume mixer
"$mod CTRL, v, exec, ${mkKittyHdrop "pulsemixer" "pulsemixer"}"
# Scroll through existing workspaces with mod + scroll
"$mod, mouse_down, workspace, e+1"
"$mod, mouse_up, workspace, e-1"
# Scroll through existing workspaces with mod + scroll
"$mod, mouse_down, workspace, e+1"
"$mod, mouse_up, workspace, e-1"
# show this file (help)
# ("$mod, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim '+set nomodifiable' '+noremap q :q<CR>' "
# + lib.escapeShellArg (args.vars.self.outPath + "/home/sessions/hyprland/default.nix"))
# show this file (help)
# ("$mod, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim '+set nomodifiable' '+noremap q :q<CR>' "
# + lib.escapeShellArg (args.vars.self.outPath + "/home/sessions/hyprland/default.nix"))
# edit this file
("$mod SHIFT, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim "
+ lib.escapeShellArg (config.nixfiles.path + "/home/sessions/hyprland/default.nix"))
]
++ lib.optional config.nixfiles.programs.mopidy.enable
# edit this file
("$mod SHIFT, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim "
+ lib.escapeShellArg (config.nixfiles.path + "/home/sessions/hyprland/default.nix"))
] ++ lib.optional config.nixfiles.programs.mopidy.enable
"$mod CTRL, n, exec, ${mkKittyHdrop "ncmpcpp" "ncmpcpp"}";
# repeat, ignore mods
bindei =
lib.mapAttrsToList (keysym: command: ",${keysym}, exec, ${command}") config.nixfiles.common.wm.finalKeybinds
++ [
];
bindei = lib.mapAttrsToList (keysym: command: ",${keysym}, exec, ${command}") config.nixfiles.common.wm.finalKeybinds
++ [
];
bindm = [
# Move/resize windows with mod + LMB/RMB and dragging

29
home/sessions/hyprland/dispatcher/default.nix
View File

@ -1,20 +1,19 @@
{
lib,
{ lib,
stdenvNoCC,
socat,
coreutils,
hyprland,
makeShellWrapper,
}: let
wrappedPath = lib.makeBinPath [coreutils socat hyprland];
makeShellWrapper }:
let
wrappedPath = lib.makeBinPath [ coreutils socat hyprland ];
in
stdenvNoCC.mkDerivation {
name = "hyprland-dispatcher";
phases = ["installPhase"];
nativeBuildInputs = [makeShellWrapper];
src = ./.;
installPhase = ''
install -Dm555 $src/dispatcher.sh $out/bin/hypr-dispatcher
wrapProgramShell $out/bin/hypr-dispatcher --prefix PATH : "${wrappedPath}"
'';
}
stdenvNoCC.mkDerivation {
name = "hyprland-dispatcher";
phases = [ "installPhase" ];
nativeBuildInputs = [ makeShellWrapper ];
src = ./.;
installPhase = ''
install -Dm555 $src/dispatcher.sh $out/bin/hypr-dispatcher
wrapProgramShell $out/bin/hypr-dispatcher --prefix PATH : "${wrappedPath}"
'';
}

20
home/sessions/plasma.nix
View File

@ -1,13 +1,9 @@
{
pkgs,
config,
lib,
osConfig ? {},
...
}: let
{ pkgs, config, lib, osConfig ? {}, ... }:
let
inherit (lib) mkOption mkEnableOption;
cfg = config.nixfiles.sessions.plasma;
in {
in
{
options.nixfiles.sessions.plasma = {
enable = lib.mkOption {
description = "Whether to enable the Plasma session home configuration.";
@ -17,12 +13,12 @@ in {
};
};
config = lib.mkIf cfg.enable {
# TODO make this a generic implementation
home.packages = let
startupScript =
pkgs.writeShellScript "autostart-script"
startupScript = pkgs.writeShellScript "autostart-script"
(lib.concatStringsSep "\n"
(builtins.map (x: "sh -c ${lib.escapeShellArg x} &") config.nixfiles.common.wm.autostart));
(builtins.map (x: "sh -c ${lib.escapeShellArg x} &") config.nixfiles.common.wm.autostart));
name = "home-manager-autostart";
desktopFilePkg = pkgs.makeDesktopItem {
@ -34,6 +30,6 @@ in {
mkdir -p $out/etc/xdg/autostart
ln -s "${desktopFilePkg}/share/applications/${name}.desktop" "$out/etc/xdg/autostart/"
'';
in [autostartPkg];
in [ autostartPkg ];
};
}

7
home/standalone.nix
View File

@ -1,12 +1,7 @@
# Home Manager default nixfiles entrypoint. This serves as an alternative to
# default.nix, which sets up some more appropriate options for home-manager
{ inputs, pkgs, config, lib, ... }:
{
inputs,
pkgs,
config,
lib,
...
}: {
imports = [
./.
inputs.stylix.homeManagerModules.stylix

9
home/stylix.nix
View File

@ -1,11 +1,6 @@
{ pkgs, lib, config, inputs, ... }@args:
{
pkgs,
lib,
config,
inputs,
...
} @ args: {
imports = [];
imports = [ ];
config = {
stylix = lib.mkMerge [
{

12
hosts/nixos-wsl/configuration.nix
View File

@ -1,10 +1,5 @@
{ pkgs, config, lib, vars, ... }:
{
pkgs,
config,
lib,
vars,
...
}: {
config = {
networking.hostName = "nixos-wsl";
@ -31,7 +26,7 @@
RemainAfterExit = true;
};
description = "WSL startup workaround";
wantedBy = ["default.target"];
wantedBy = [ "default.target" ];
};
};
@ -47,9 +42,10 @@
noto-fonts-cjk-sans
];
fileSystems."/mnt/wsl/instances/NixOS" = {
device = "/";
options = ["bind"];
options = [ "bind" ];
};
# standard disclaimer don't change this for any reason whatsoever

9
hosts/nixos-wsl/home.nix
View File

@ -1,12 +1,7 @@
{ pkgs, lib, config, osConfig ? {}, ... }:
{
pkgs,
lib,
config,
osConfig ? {},
...
}: {
config = {
nixfiles = {
nixfiles = {
profile.base.enable = true;
packageSets.dev.enable = true;
packageSets.multimedia.enable = true;

18
hosts/nullbox/backup.nix
View File

@ -1,22 +1,20 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
inherit (lib) escapeShellArg;
secret = name: config.age.secrets."${name}".path;
fs = config.fileSystems."/srv/mcserver";
in {
in
{
config = {
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-password.file = ../../secrets/restic-password.age;
systemd.services.restic-backups-system = {
path = with pkgs; [btrfs-progs];
path = with pkgs; [ btrfs-progs ];
};
services.restic.backups.system = {
# create an atomic backup
backupPrepareCommand = ''
set -Eeuxo pipefail
@ -39,7 +37,6 @@ in {
];
paths = [
"/srv/mcserver/@restic"
"/persist/backup"
];
dynamicFilesFrom = ''
echo
@ -49,6 +46,7 @@ in {
"--tag=auto"
"--group-by=host,tag"
];
};
};
}

56
hosts/nullbox/configuration.nix
View File

@ -1,51 +1,54 @@
# vim: set ts=2 sw=2 et:
# vim: set ts=2 sw=2 et:
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, lib, pkgs, inputs, ... }:
{
config,
lib,
pkgs,
inputs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# Encryption
./luks.nix
./mcserver.nix
./impermanence.nix
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
# Encryption
./luks.nix
./mcserver.nix
./backup.nix
];
./impermanence.nix
./backup.nix
];
config = {
fileSystems = lib.mkMerge [
{
"/ntfs" = {
fsType = "ntfs-3g";
device = "/dev/disk/by-uuid/6AC23F0FC23EDF4F";
options = ["auto_cache" "nofail"];
options = [ "auto_cache" "nofail" ];
};
"/.btrfsroot" = {
options = ["subvol=/"];
options = [ "subvol=/" ];
};
}
(lib.genAttrs ["/.btrfsroot" "/" "/home" "/nix"] (fs: {
options = ["compress=zstd"];
(lib.genAttrs [ "/.btrfsroot" "/" "/home" "/nix" ] ( fs: {
options = [ "compress=zstd" ];
}))
];
# hardware.nvidia.package = lib.mkForce config.boot.kernelPackages.nvidiaPackages.production;
hardware.nvidia.open = lib.mkForce false;
specialisation.hyprland.configuration = {
system.nixos.tags = ["Hyprland"];
system.nixos.tags = [ "Hyprland" ];
nixfiles = {
session = "hyprland";
};
};
hardware.cpu.intel.updateMicrocode = true;
services.udev.extraRules = ''
@ -62,7 +65,7 @@
workarounds.nvidiaPrimary = true;
programs.greetd = {
settings = {
randr = ["--output" "HDMI-A-3" "--off"];
randr = [ "--output" "HDMI-A-3" "--off" ];
autologin = false;
autologinUser = "nullbite";
autolock = false;
@ -106,7 +109,8 @@
};
};
boot.kernelPackages = pkgs.linuxPackages_6_12;
# temporary while i am away from server
boot.kernelPackages = pkgs.linuxPackages_6_6;
networking.wg-quick.interfaces.wg0 = {
configFile = "/etc/wireguard/wg0.conf";
@ -118,6 +122,7 @@
# boot.loader.efi.canTouchEfiVariables = true;
# see custom-hardware-configuration.nix
# networking.hostName = "nixos"; # Define your hostname.
networking.hostName = "nullbox";
# Pick only one of the below networking options.
@ -125,7 +130,8 @@
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "America/New_York";
time.timeZone = "America/New_York";
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
@ -140,4 +146,6 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
};
}

114
hosts/nullbox/hardware-configuration.nix
View File

@ -1,77 +1,73 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=nixos/@root"];
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=nixos/@root" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=nixos/@nix"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=nixos/@nix" ];
};
fileSystems."/.btrfsroot" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
};
fileSystems."/.btrfsroot" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=@home"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/F4D6-20B6";
fsType = "vfat";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/F4D6-20B6";
fsType = "vfat";
};
fileSystems."/srv/mcserver-old" = {
device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = ["subvol=@mcserver"];
};
fileSystems."/srv/mcserver-old" =
{ device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = [ "subvol=@mcserver" ];
};
fileSystems."/srv/mcserver-old/.snapshots" = {
device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = ["subvol=snapshots/@mcserver"];
};
fileSystems."/srv/mcserver-old/.snapshots" =
{ device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = [ "subvol=snapshots/@mcserver" ];
};
fileSystems."/srv/mcserver" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=@mcserver"];
};
fileSystems."/srv/mcserver" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=@mcserver" ];
};
fileSystems."/srv/mcserver/.snapshots" = {
device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = ["subvol=snapshots/@mcserver"];
};
fileSystems."/srv/mcserver/.snapshots" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
fsType = "btrfs";
options = [ "subvol=snapshots/@mcserver" ];
};
swapDevices = [
{device = "/dev/disk/by-uuid/4b86cbd6-6fc5-47d4-9d44-35eec59cb785";}
];
swapDevices =
[ { device = "/dev/disk/by-uuid/4b86cbd6-6fc5-47d4-9d44-35eec59cb785"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

6
hosts/nullbox/home.nix
View File

@ -1,9 +1,5 @@
{ lib, pkgs, osConfig, ... }:
{
lib,
pkgs,
osConfig,
...
}: {
imports = [
];

58
hosts/nullbox/impermanence.nix
View File

@ -1,16 +1,11 @@
{
pkgs,
config,
lib,
...
}: let
{ pkgs, config, lib, ... }:
let
inherit (lib) escapeShellArg;
# (wip) more configurable than old one, will be used by volatile btrfs module
mkBtrfsInit = {
volatileRoot ? "/volatile",
oldRoots ? "/old_roots",
volume,
}: ''
mkBtrfsInit = { volatileRoot ? "/volatile",
oldRoots ? "/old_roots",
volume }:
''
mkdir -p /btrfs_tmp
mount ${escapeShellArg volume} /btrfs_tmp -o subvol=/
@ -39,7 +34,7 @@ in {
neededForBoot = true;
device = root_vol;
fsType = "btrfs";
options = ["subvol=/nixos/@persist"];
options = [ "subvol=/nixos/@persist" ];
};
# TODO volatile btrfs module
@ -52,7 +47,7 @@ in {
fileSystems."/" = lib.mkForce {
device = root_vol;
fsType = "btrfs";
options = ["subvol=/nixos/volatile"];
options = [ "subvol=/nixos/volatile" ];
};
# agenix fix
@ -79,24 +74,15 @@ in {
# probably NEVER be excluded removed.
"/var/lib/nixos/"
# password files for user.user.<name>.hashedPasswordFile
{
directory = "/etc/passfile";
mode = "0700";
}
{ directory = "/etc/passfile"; mode = "0700"; }
# persistent non-declarative config
"/etc/nixos"
"/etc/ssh"
{
directory = "/etc/wireguard";
mode = "0700";
}
{ directory = "/etc/wireguard"; mode = "0700"; }
# let's keep the root home dir as well
{
directory = "/root";
mode = "0700";
}
{ directory = "/root"; mode = "0700"; }
# system state
"/etc/NetworkManager/system-connections"
@ -107,29 +93,13 @@ in {
"/var/lib/power-profiles-daemon"
"/var/lib/systemd/rfkill"
"/var/lib/systemd/timesync"
{
directory = "/var/lib/tailscale";
mode = "0700";
}
{ directory = "/var/lib/tailscale"; mode = "0700"; }
"/var/lib/unbound"
"/var/db/sudo/lectured"
# remember login stuff
{
directory = "/var/cache/tuigreet";
user = "greeter";
group = "greeter";
}
{
directory = "/var/cache/regreet";
user = "greeter";
group = "greeter";
}
{
directory = "/var/lib/regreet";
user = "greeter";
group = "greeter";
}
{ directory = "/var/cache/tuigreet"; user = "greeter"; group = "greeter"; }
{ directory = "/var/cache/regreet"; user = "greeter"; group = "greeter"; }
];
files = [

13
hosts/nullbox/luks.nix
View File

@ -1,11 +1,8 @@
{
pkgs,
config,
lib,
...
}: let
{ pkgs, config, lib, ... }:
let
usb = "903D-DF5B";
in {
in
{
config = {
# cryptsetup
boot.initrd.kernelModules = ["uas" "usbcore" "usb_storage"];
@ -19,7 +16,7 @@ in {
mount -n -t vfat -o ro `findfs UUID=${usb}` /key
'';
device = "/dev/disk/by-uuid/85b5f22e-0fa5-4f0d-8fba-f800a0b41671";
device="/dev/disk/by-uuid/85b5f22e-0fa5-4f0d-8fba-f800a0b41671";
keyFile = "/key/image.png"; # yes it's literally an image file. bite me
allowDiscards = true;
fallbackToPassword = true;

43
hosts/nullbox/mcserver.nix
View File

@ -1,21 +1,18 @@
{
pkgs,
lib,
config,
...
}: let
{ pkgs, lib, config, ... }:
let
cfg = config.services.minecraft-servers;
in {
in
{
config = {
fileSystems = {
"/srv/mcserver".options = ["compress=zstd" "nofail"];
"/srv/mcserver/.snapshots".options = ["compress=zstd" "nofail"];
"/srv/mcserver".options = [ "compress=zstd" "nofail" ];
"/srv/mcserver/.snapshots".options = [ "compress=zstd" "nofail" ];
};
networking.firewall.trustedInterfaces = ["wg0"];
networking.firewall.trustedInterfaces = [ "wg0" ];
users = {
users = {
nullbite.extraGroups = ["minecraft"];
nullbite.extraGroups = [ "minecraft" ];
};
};
@ -48,19 +45,18 @@ in {
nulllite-staging = let
commit = "b8c639a";
packHash = "sha256-HTDVIkcBf0DyLbSCuU08/HnEQuesi3cmXXhB4y4lyko=";
in
pkgs.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/nulllite/raw/commit/${commit}/pack.toml";
inherit packHash;
};
in pkgs.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/nulllite/raw/commit/${commit}/pack.toml";
inherit packHash;
};
in {
nulllite-staging = {
useRecommendedDefaults = true;
enable = true;
autoStart = false;
modpack = nulllite-staging;
modpackSymlinks = ["mods"];
modpackFiles = ["config/"];
modpackSymlinks = [ "mods" ];
modpackFiles = [ "config/" ];
serverProperties.server-port = 25574;
serverProperties.motd = "staging server";
};
@ -69,8 +65,8 @@ in {
enable = true;
autoStart = true;
modpack = pkgs.modpacks.notlite;
modpackSymlinks = ["config/yosbr" "config/quilt-loader-overrides.json" "mods"];
modpackFiles = ["kubejs/"];
modpackSymlinks = [ "config/yosbr" "config/quilt-loader-overrides.json" "mods" ];
modpackFiles = [ "kubejs/" ];
serverProperties = {
motd = "owo what's this (nix notlite edition)";
server-port = 25567;
@ -80,10 +76,11 @@ in {
level-seed = "8555431723250870652";
level-type = "bclib:normal";
};
};
minecraft-nixtest = let
self = cfg.servers.minecraft-nixtest;
package = pkgs.quiltServers.quilt-1_20_1.override {loaderVersion = "0.21.0";};
package = pkgs.quiltServers.quilt-1_20_1.override { loaderVersion = "0.21.0"; };
in {
useRecommendedDefaults = true;
enable = false;
@ -95,8 +92,8 @@ in {
NullBite = "e24e8e0e-7540-4126-b737-90043155bcd4";
Silveere = "468554f1-27cd-4ea1-9308-3dd14a9b1a12";
};
modpackSymlinks = ["mods"];
modpackFiles = ["config/" "kubejs/"];
modpackSymlinks = [ "mods" ];
modpackFiles = [ "config/" "kubejs/" ];
serverProperties = rec {
motd = "owo what's this (nix edition)";
server-port = 25568;

6
hosts/nullbox/unbound.nix
View File

@ -1,9 +1,5 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}: {
config = {
networking.networkmanager.dns = "none";
services.unbound.enable = true;

398
hosts/rpi4/authelia.nix
View File

@ -3,10 +3,10 @@
lib,
pkgs,
...
}: let
}:
let
inherit (lib) types mkIf optionalString;
inherit
(builtins)
inherit (builtins)
isNull
any
all
@ -20,18 +20,22 @@
"regular"
"basic"
];
getUpstreamFromInstance = instance: let
inherit (config.services.authelia.instances.${instance}.settings) server;
port = server.port or 9091;
host = server.host or "127.0.0.1";
getUpstreamFromInstance =
instance:
let
inherit (config.services.authelia.instances.${instance}.settings) server;
port = server.port or 9091;
host = server.host or "127.0.0.1";
targetHost =
if host == "0.0.0.0"
then "127.0.0.1"
else if lib.hasInfix ":" host
then throw "TODO IPv6 not supported in Authelia server address (hard to parse, can't tell if it is [::])."
else host;
in "http://${targetHost}:${toString port}";
targetHost =
if host == "0.0.0.0" then
"127.0.0.1"
else if lib.hasInfix ":" host then
throw "TODO IPv6 not supported in Authelia server address (hard to parse, can't tell if it is [::])."
else
host;
in
"http://${targetHost}:${toString port}";
# use this when reverse proxying to authelia (and only authelia because i
# like the nixos recommended proxy settings better)
@ -112,204 +116,212 @@
proxy_set_header X-Forwarded-URI $request_uri;
'';
genAuthConfig = method: let
snippet_regular = ''
## Configure the redirection when the authz failure occurs. Lines starting
## with 'Modern Method' and 'Legacy Method' should be commented /
## uncommented as pairs. The modern method uses the session cookies
## configuration's authelia_url value to determine the redirection URL here.
## It's much simpler and compatible with the mutli-cookie domain easily.
genAuthConfig =
method:
let
snippet_regular = ''
## Configure the redirection when the authz failure occurs. Lines starting
## with 'Modern Method' and 'Legacy Method' should be commented /
## uncommented as pairs. The modern method uses the session cookies
## configuration's authelia_url value to determine the redirection URL here.
## It's much simpler and compatible with the mutli-cookie domain easily.
## Modern Method: Set the $redirection_url to the Location header of the
## response to the Authz endpoint.
auth_request_set $redirection_url $upstream_http_location;
## Modern Method: Set the $redirection_url to the Location header of the
## response to the Authz endpoint.
auth_request_set $redirection_url $upstream_http_location;
## Modern Method: When there is a 401 response code from the authz endpoint
## redirect to the $redirection_url.
error_page 401 =302 $redirection_url;
## Modern Method: When there is a 401 response code from the authz endpoint
## redirect to the $redirection_url.
error_page 401 =302 $redirection_url;
'';
in
''
## Send a subrequest to Authelia to verify if the user is authenticated and
# has permission to access the resource.
auth_request /internal/authelia/authz${optionalString (method == "basic") "/basic"};
## Save the upstream metadata response headers from Authelia to variables.
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
## Inject the metadata response headers from the variables into the request
## made to the backend.
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email;
${optionalString (method == "regular") snippet_regular}
'';
in ''
## Send a subrequest to Authelia to verify if the user is authenticated and
# has permission to access the resource.
auth_request /internal/authelia/authz${optionalString (method == "basic") "/basic"};
## Save the upstream metadata response headers from Authelia to variables.
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
## Inject the metadata response headers from the variables into the request
## made to the backend.
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Name $name;
proxy_set_header Remote-Email $email;
${optionalString (method == "regular") snippet_regular}
'';
genAuthConfigPkg = method: pkgs.writeText "authelia-authrequest-${method}.conf" (genAuthConfig method);
in {
genAuthConfigPkg =
method: pkgs.writeText "authelia-authrequest-${method}.conf" (genAuthConfig method);
in
{
# authelia
options.services.nginx = let
mkAttrsOfSubmoduleOpt = module: lib.mkOption {type = with types; attrsOf (submodule module);};
options.services.nginx =
let
mkAttrsOfSubmoduleOpt = module: lib.mkOption { type = with types; attrsOf (submodule module); };
# make system config accessible from submodules
systemConfig = config;
# make system config accessible from submodules
systemConfig = config;
# submodule definitions
vhostModule = {
name,
config,
...
} @ attrs: {
options = {
locations = mkAttrsOfSubmoduleOpt (genLocationModule attrs);
authelia = {
endpoint = {
instance = lib.mkOption {
description = ''
Local Authelia instance to act as the authentication endpoint.
This virtualHost will be configured to provide the
public-facing authentication service.
'';
type = with types; nullOr str;
default = null;
};
upstream = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authentication
requests to.
'';
type = with types; nullOr str;
default = null;
# submodule definitions
vhostModule =
{ name, config, ... }@attrs:
{
options = {
locations = mkAttrsOfSubmoduleOpt (genLocationModule attrs);
authelia = {
endpoint = {
instance = lib.mkOption {
description = ''
Local Authelia instance to act as the authentication endpoint.
This virtualHost will be configured to provide the
public-facing authentication service.
'';
type = with types; nullOr str;
default = null;
};
upstream = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authentication
requests to.
'';
type = with types; nullOr str;
default = null;
};
};
instance = lib.mkOption {
description = ''
Local Authelia instance to use. Setting this option will
automatically configure Authelia on the specified virtualHost
with the given instance of Authelia.
'';
type = with types; nullOr str;
default = null;
};
upstream = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authorization
requests to. This should not be the public-facing authentication
endpoint URL.
'';
type = with types; nullOr str;
default = null;
};
method = lib.mkOption {
description = ''
Default Authelia authentication method to use for all locations
in this virtualHost. Authentication is disabled by default for
all locations if this is set to `null`.
'';
type = with types; nullOr (enum validAuthMethods);
default = "regular";
example = "basic";
};
};
};
instance = lib.mkOption {
description = ''
Local Authelia instance to use. Setting this option will
automatically configure Authelia on the specified virtualHost
with the given instance of Authelia.
'';
type = with types; nullOr str;
default = null;
config = {
authelia.upstream = mkIf (!(isNull config.authelia.instance)) (
getUpstreamFromInstance config.authelia.instance
);
authelia.endpoint.upstream = mkIf (!(isNull config.authelia.endpoint.instance)) (
getUpstreamFromInstance config.authelia.endpoint.instance
);
forceSSL = lib.mkIf (!(isNull config.authelia.endpoint.upstream)) true;
# authelia nginx internal endpoints
locations =
let
api = "${config.authelia.upstream}/api/authz/auth-request";
in
lib.mkMerge [
(lib.mkIf (!(isNull config.authelia.upstream)) {
# just setup both, they can't be accessed externally anyways.
"/internal/authelia/authz" = {
proxyPass = api;
recommendedProxySettings = false;
extraConfig = ''
include ${autheliaLocationConfig};
'';
};
"/internal/authelia/authz/basic" = {
proxyPass = "${api}/basic";
recommendedProxySettings = false;
extraConfig = ''
include ${autheliaBasicLocationConfig};
'';
};
})
(lib.mkIf (!(isNull config.authelia.endpoint.upstream)) {
"/" = {
extraConfig = ''
include "${autheliaProxyConfig}";
'';
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
"= /api/verify" = {
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
"/api/authz" = {
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
})
];
};
upstream = lib.mkOption {
};
genLocationModule =
vhostAttrs:
{ name, config, ... }:
let
vhostConfig = vhostAttrs.config;
in
{
options.authelia.method = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authorization
requests to. This should not be the public-facing authentication
endpoint URL.
'';
type = with types; nullOr str;
default = null;
};
method = lib.mkOption {
description = ''
Default Authelia authentication method to use for all locations
in this virtualHost. Authentication is disabled by default for
all locations if this is set to `null`.
Authelia authentication method to use for this location.
Authentication is disabled for this location if this is set to
`null`.
'';
type = with types; nullOr (enum validAuthMethods);
default = "regular";
default = vhostConfig.authelia.method;
example = "basic";
};
config =
lib.mkIf
(
(!(lib.strings.hasPrefix "/internal/authelia/" name))
&& (!(isNull vhostConfig.authelia.upstream))
&& (!(isNull config.authelia.method))
)
{
extraConfig = ''
include ${genAuthConfigPkg config.authelia.method};
'';
};
};
};
config = {
authelia.upstream = mkIf (!(isNull config.authelia.instance)) (
getUpstreamFromInstance config.authelia.instance
);
authelia.endpoint.upstream = mkIf (!(isNull config.authelia.endpoint.instance)) (
getUpstreamFromInstance config.authelia.endpoint.instance
);
forceSSL = lib.mkIf (!(isNull config.authelia.endpoint.upstream)) true;
# authelia nginx internal endpoints
locations = let
api = "${config.authelia.upstream}/api/authz/auth-request";
in
lib.mkMerge [
(lib.mkIf (!(isNull config.authelia.upstream)) {
# just setup both, they can't be accessed externally anyways.
"/internal/authelia/authz" = {
proxyPass = api;
recommendedProxySettings = false;
extraConfig = ''
include ${autheliaLocationConfig};
'';
};
"/internal/authelia/authz/basic" = {
proxyPass = "${api}/basic";
recommendedProxySettings = false;
extraConfig = ''
include ${autheliaBasicLocationConfig};
'';
};
})
(lib.mkIf (!(isNull config.authelia.endpoint.upstream)) {
"/" = {
extraConfig = ''
include "${autheliaProxyConfig}";
'';
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
"= /api/verify" = {
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
"/api/authz" = {
proxyPass = "${config.authelia.endpoint.upstream}";
recommendedProxySettings = false;
};
})
];
};
in
{
virtualHosts = mkAttrsOfSubmoduleOpt vhostModule;
};
genLocationModule = vhostAttrs: {
name,
config,
...
}: let
vhostConfig = vhostAttrs.config;
in {
options.authelia.method = lib.mkOption {
description = ''
Authelia authentication method to use for this location.
Authentication is disabled for this location if this is set to
`null`.
'';
type = with types; nullOr (enum validAuthMethods);
default = vhostConfig.authelia.method;
example = "basic";
};
config =
lib.mkIf
(
(!(lib.strings.hasPrefix "/internal/authelia/" name))
&& (!(isNull vhostConfig.authelia.upstream))
&& (!(isNull config.authelia.method))
)
{
extraConfig = ''
include ${genAuthConfigPkg config.authelia.method};
'';
};
};
in {
virtualHosts = mkAttrsOfSubmoduleOpt vhostModule;
};
# TODO check if any vhosts have authelia configured
config = let
# TODO later, there are only assertions here
configured = any (
vhost: (!(isNull vhost.authelia.upstream)) || (!(isNull vhost.authelia.endpoint.upstream))
) (attrValues nginx.virtualHosts);
in
config =
let
# TODO later, there are only assertions here
configured = any (
vhost: (!(isNull vhost.authelia.upstream)) || (!(isNull vhost.authelia.endpoint.upstream))
) (attrValues nginx.virtualHosts);
in
mkIf true {
assertions = [
{

14
hosts/rpi4/backup.nix
View File

@ -1,13 +1,10 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
secret = name: config.age.secrets."${name}".path;
in {
in
{
config = {
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-password.file = ../../secrets/restic-password.age;
services.restic.backups.system = {
rcloneConfigFile = secret "restic-rclone";
@ -41,6 +38,7 @@ in {
"--tag=auto"
"--group-by=host,tag"
];
};
};
}

47
hosts/rpi4/configuration.nix
View File

@ -1,21 +1,19 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./services.nix
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./services.nix
./media-sync.nix
./media-sync.nix
./backup.nix
];
./backup.nix
];
fileSystems = let
mounts = [
@ -26,9 +24,8 @@
"/opt/hassio"
"/opt/hassio/.snapshots"
];
fn = x: {options = ["compress=zstd" "commit=300" "noatime"];};
in
lib.genAttrs mounts fn;
fn = (x: { options = [ "compress=zstd" "commit=300" "noatime" ];});
in lib.genAttrs mounts fn;
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
@ -38,7 +35,8 @@
configurationLimit = 5;
};
boot.kernelPackages = pkgs.linuxPackages_6_12;
# temporary while i am away from server
boot.kernelPackages = pkgs.linuxPackages_6_6;
nixfiles = {
profile.server.enable = true;
@ -67,7 +65,7 @@
"wg0"
"tailscale0"
];
networking.firewall.allowedUDPPorts = [51820];
networking.firewall.allowedUDPPorts = [ 51820 ];
services.openssh = {
enable = true;
@ -97,6 +95,9 @@
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
@ -124,11 +125,11 @@
# tree
# ];
# };
users.users.nullbite = {
isNormalUser = true;
extraGroups = ["wheel"];
uid = 1000;
};
users.users.nullbite = {
isNormalUser = true;
extraGroups = [ "wheel" ];
uid = 1000;
};
# List packages installed in system profile. To search, run:
# $ nix search wget
@ -182,4 +183,6 @@
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}

51
hosts/rpi4/gitea.nix
View File

@ -1,11 +1,8 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
cfg = config.services.gitea;
in {
in
{
config = {
services.gitea = {
enable = true;
@ -35,37 +32,19 @@ in {
DEFAULT_THEME = "catppuccin-mocha-pink";
THEMES = let
ctpAttrs = {
flavor = ["latte" "frappe" "macchiato" "mocha"];
accent = [
"rosewater"
"flamingo"
"pink"
"mauve"
"red"
"maroon"
"peach"
"yellow"
"green"
"teal"
"sky"
"sapphire"
"blue"
];
flavor = [ "latte" "frappe" "macchiato" "mocha" ];
accent = [ "rosewater" "flamingo" "pink" "mauve"
"red" "maroon" "peach" "yellow" "green" "teal"
"sky" "sapphire" "blue" ];
};
ctpThemes =
lib.mapCartesianProduct
({
flavor,
accent,
}: "catppuccin-${flavor}-${accent}")
ctpThemes = lib.mapCartesianProduct
( { flavor, accent }: "catppuccin-${flavor}-${accent}" )
ctpAttrs;
in
lib.concatStringsSep "," ([
"gitea"
"arc-green"
"auto"
]
++ ctpThemes);
in lib.concatStringsSep "," ([
"gitea"
"arc-green"
"auto"
] ++ ctpThemes);
};
};
};

118
hosts/rpi4/hardware-configuration.nix
View File

@ -1,78 +1,75 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/.btrfsroot" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/"];
};
fileSystems."/.btrfsroot" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/" ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=nixos/@"];
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=nixos/@" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=nixos/@nix"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=nixos/@nix" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=@home"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/18e0dfd8-78bd-478d-9df8-1c28bc0b55df";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/18e0dfd8-78bd-478d-9df8-1c28bc0b55df";
fsType = "ext4";
};
fileSystems."/srv/syncthing" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/@syncthing"];
};
fileSystems."/srv/syncthing" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/@syncthing" ];
};
fileSystems."/srv/media" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/@media"];
};
fileSystems."/srv/media" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/@media" ];
};
fileSystems."/opt/hassio" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/@hassio"];
};
fileSystems."/opt/hassio" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/@hassio" ];
};
fileSystems."/opt/hassio/.snapshots" = {
device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = ["subvol=/snapshots/@hassio"];
};
fileSystems."/opt/hassio/.snapshots" =
{ device = "/dev/disk/by-uuid/112535b6-4318-4d26-812b-7baf0d65dae5";
fsType = "btrfs";
options = [ "subvol=/snapshots/@hassio" ];
};
swapDevices = [
{device = "/dev/disk/by-uuid/b8e046b3-28a2-47c5-b305-24be5be42eff";}
];
swapDevices =
[ { device = "/dev/disk/by-uuid/b8e046b3-28a2-47c5-b305-24be5be42eff"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -84,3 +81,4 @@
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

3
hosts/rpi4/home.nix
View File

@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
config = {
nixfiles.profile.base.enable = true;
programs.keychain.enable = false;

16
hosts/rpi4/media-sync.nix
View File

@ -1,15 +1,11 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
in {
config = {
nixfiles.programs.syncthing.enable = true;
systemd.timers.gallery-dl = {
wantedBy = ["timers.target"];
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "13";
@ -17,7 +13,7 @@ in {
};
};
systemd.services.gallery-dl = {
path = with pkgs; [bash coreutils findutils gallery-dl];
path = with pkgs; [ bash coreutils findutils gallery-dl ];
serviceConfig = {
# none of your fucking business
# TODO move this into an agenix secret probably
@ -28,14 +24,14 @@ in {
};
systemd.timers.gallery-dl-dedup = {
wantedBy = ["timers.target"];
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "03:00";
RandomizedDelaySec = "3h";
};
};
systemd.services.gallery-dl-dedup = {
path = with pkgs; [bash coreutils rmlint];
path = with pkgs ; [ bash coreutils rmlint ];
serviceConfig = {
# likewise
ExecStart = "/srv/gallery-dl-dedup.sh";

1
hosts/rpi4/reddit-subscriptions.txt
View File

@ -33,7 +33,6 @@ okbuddyhetero
peepeeshart
pressureroblox
prismlauncher
programmingcirclejerk
regretevator
rust
rustjerk

462
hosts/rpi4/services.nix
View File

@ -1,17 +1,15 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
inherit (config.age) secrets;
inherit (builtins) toString;
in {
in
{
imports = [
./gitea.nix
./authelia.nix
];
config = {
age.secrets.cloudflaredns = {
file = ../../secrets/cloudflare-dns.age;
group = "secrets";
@ -65,7 +63,7 @@ in {
};
users.groups.secrets = {};
users.users.acme.extraGroups = ["secrets"];
users.users.acme.extraGroups = [ "secrets" ];
security.acme = {
acceptTerms = true;
@ -99,59 +97,57 @@ in {
};
};
users.users.nginx.extraGroups = ["acme"];
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [
80
443
80 443
# this is needed for node to work for some reason
8123
];
users.groups.authelia-shared = {};
services.authelia.instances =
lib.mapAttrs (inst: opts: {
enable = true;
group = "authelia-shared";
secrets = {
jwtSecretFile = config.age.secrets.authelia-jwt.path;
storageEncryptionKeyFile = config.age.secrets.authelia-storage.path;
sessionSecretFile = config.age.secrets.authelia-session.path;
};
settings = {
access_control.default_policy = "one_factor";
storage.local.path = "/var/lib/authelia-${inst}/db.sqlite";
session.cookies = [
{
domain = "protogen.io";
authelia_url = "https://auth.protogen.io";
default_redirection_url = "https://searx.protogen.io";
}
{
domain = "nbt.sh";
authelia_url = "https://auth.nbt.sh";
default_redirection_url = "https://admin.nbt.sh";
}
{
domain = "proot.link";
authelia_url = "https://auth.proot.link";
default_redirection_url = "https://admin.proot.link";
}
];
session.redis = {
host = config.services.redis.servers.authelia.unixSocket;
};
notifier.filesystem.filename = "/var/lib/authelia-${inst}/notification.txt";
authentication_backend.file.path = config.age.secrets.authelia-users.path;
server.port = lib.mkIf (opts ? port) (opts.port or null);
theme = "auto";
};
}) {
main = {
domain = "protogen.io";
# port = 9091 # default
};
users.groups.authelia-shared = { };
services.authelia.instances = lib.mapAttrs (inst: opts: {
enable = true;
group = "authelia-shared";
secrets = {
jwtSecretFile = config.age.secrets.authelia-jwt.path;
storageEncryptionKeyFile = config.age.secrets.authelia-storage.path;
sessionSecretFile = config.age.secrets.authelia-session.path;
};
settings = {
access_control.default_policy = "one_factor";
storage.local.path = "/var/lib/authelia-${inst}/db.sqlite";
session.cookies = [
{
domain = "protogen.io";
authelia_url = "https://auth.protogen.io";
default_redirection_url = "https://searx.protogen.io";
}
{
domain = "nbt.sh";
authelia_url = "https://auth.nbt.sh";
default_redirection_url = "https://admin.nbt.sh";
}
{
domain = "proot.link";
authelia_url = "https://auth.proot.link";
default_redirection_url = "https://admin.proot.link";
}
];
session.redis = {
host = config.services.redis.servers.authelia.unixSocket;
};
notifier.filesystem.filename = "/var/lib/authelia-${inst}/notification.txt";
authentication_backend.file.path = config.age.secrets.authelia-users.path;
server.port = lib.mkIf (opts ? port) (opts.port or null);
theme = "auto";
};
}) {
main = {
domain = "protogen.io";
# port = 9091 # default
};
};
services.redis = {
servers.authelia = {
@ -161,7 +157,7 @@ in {
users.users."${config.services.authelia.instances.main.user}".extraGroups = let
name = config.services.redis.servers.authelia.user;
in [name];
in [ name ];
services.nginx = {
enable = true;
@ -175,30 +171,24 @@ in {
virtualHosts = let
useACMEHost = "protogen.io";
mkProxy = args @ {
upstream ? "http://127.0.0.1:${builtins.toString args.port}",
auth ? false,
authelia ? false,
extraConfig ? {},
...
}:
lib.mkMerge [
{
inherit useACMEHost;
forceSSL = true;
locations."/" = {
proxyPass = upstream;
proxyWebsockets = true;
};
}
(lib.mkIf auth {
basicAuthFile = config.age.secrets.htpasswd.path;
})
(lib.mkIf authelia {
authelia.instance = lib.mkDefault "main";
})
extraConfig
];
mkProxy = args@{ upstream ? "http://127.0.0.1:${builtins.toString args.port}", auth ? false, authelia ? false, extraConfig ? {}, ... }:
lib.mkMerge [
{
inherit useACMEHost;
forceSSL = true;
locations."/" = {
proxyPass = upstream;
proxyWebsockets = true;
};
}
(lib.mkIf auth {
basicAuthFile = config.age.secrets.htpasswd.path;
})
(lib.mkIf authelia {
authelia.instance = lib.mkDefault "main";
})
extraConfig
];
# mkReverseProxy = port: {
# inherit useACMEHost;
@ -209,174 +199,149 @@ in {
# };
# };
mkAuthProxy = port:
mkProxy {
inherit port;
authelia = true;
mkAuthProxy = port: mkProxy { inherit port; authelia = true; };
mkReverseProxy = port: mkProxy { inherit port; };
in (lib.mapAttrs (domain: instance: { forceSSL = true; inherit useACMEHost; authelia.endpoint = { inherit instance; };}) {
"auth.protogen.io" = "main";
"auth.nbt.sh" = "main";
"auth.proot.link" = "main";
}) // {
"changedetection.protogen.io" = mkReverseProxy 5000;
# firefly
"firefly.protogen.io" = mkReverseProxy 8083;
"firefly-import.protogen.io" = mkAuthProxy 8084;
"gitea.protogen.io" = mkReverseProxy 3000;
# home assistant
"hass.protogen.io" = mkReverseProxy 8123;
"node.protogen.io" = mkReverseProxy 1880;
"z2m.protogen.io" = mkAuthProxy 8124;
"vsc-hass.protogen.io" = mkReverseProxy 1881;
# jellyfin
"room.protogen.io" = mkReverseProxy 8096;
"deemix.protogen.io" = mkAuthProxy 6595;
# libreddit auth 8087
"libreddit.protogen.io" = {
locations."/".return = "302 https://redlib.protogen.io$request_uri";
forceSSL = true;
useACMEHost = "protogen.io";
};
"redlib.protogen.io" = mkAuthProxy 8087;
"rss.protogen.io" = mkReverseProxy 8082;
"blahaj.protogen.io" = mkReverseProxy 8086;
"paper.protogen.io" = mkReverseProxy config.services.paperless.port;
# octoprint (proxy_addr is 10.10.1.8)
"print.protogen.io" = lib.mkMerge [ (mkProxy { authelia = true; upstream = "http://10.10.1.8:80"; })
{
locations."/webcam" = {
proxyPass = "http://10.10.1.8:80$request_uri";
proxyWebsockets = true;
basicAuthFile = config.age.secrets.htpasswd-cam.path;
authelia.method = null;
};
}];
mkReverseProxy = port: mkProxy {inherit port;};
in
(lib.mapAttrs (domain: instance: {
forceSSL = true;
inherit useACMEHost;
authelia.endpoint = {inherit instance;};
}) {
"auth.protogen.io" = "main";
"auth.nbt.sh" = "main";
"auth.proot.link" = "main";
})
// {
"changedetection.protogen.io" = mkReverseProxy 5000;
# searx auth 8088 (none for /favicon.ico, /autocompleter, /opensearch.xml)
"search.protogen.io".locations."/".return = "302 https://searx.protogen.io$request_uri";
"searx.protogen.io" = let
port = 8088;
in mkProxy { authelia = true; inherit port; extraConfig = {
locations = lib.genAttrs [ "/favicon.ico" "/autocompleter" "/opensearch.xml" ] (attr: {
proxyPass = "http://localhost:${builtins.toString port}";
proxyWebsockets = true;
authelia.method = null;
extraConfig = ''
auth_basic off;
'';
});
};};
# firefly
"firefly.protogen.io" = mkReverseProxy 8083;
"firefly-import.protogen.io" = mkAuthProxy 8084;
# URL shortener
"nbt.sh" = mkProxy { port = 8090; extraConfig.serverAliases = [ "proot.link" ]; };
"admin.nbt.sh" = mkProxy { authelia = true; port = 8091; extraConfig.serverAliases = [ "admin.proot.link" ]; };
"gitea.protogen.io" = mkReverseProxy 3000;
# uptime
"uptime.protogen.io" = mkReverseProxy 3001;
"kuma.protogen.io".locations."/".return = "301 https://uptime.protogen.io";
# home assistant
"hass.protogen.io" = mkReverseProxy 8123;
"node.protogen.io" = mkReverseProxy 1880;
"z2m.protogen.io" = mkAuthProxy 8124;
"vsc-hass.protogen.io" = mkReverseProxy 1881;
"anki.protogen.io" = mkReverseProxy config.services.anki-sync-server.port;
# jellyfin
"room.protogen.io" = mkReverseProxy 8096;
"deemix.protogen.io" = mkAuthProxy 6595;
# homepage
"home.protogen.io" = mkAuthProxy 8089;
# libreddit auth 8087
"libreddit.protogen.io" = {
locations."/".return = "302 https://redlib.protogen.io$request_uri";
forceSSL = true;
useACMEHost = "protogen.io";
"lounge.protogen.io" = mkAuthProxy 9000;
"trackmap.protogen.io" = let
root = pkgs.modpacks.notlite-ctm-static;
in {
useACMEHost = "protogen.io";
forceSSL = true;
authelia.instance = "main";
locations."/" = {
inherit root;
extraConfig = ''
autoindex off;
'';
};
"redlib.protogen.io" = mkAuthProxy 8087;
"rss.protogen.io" = mkReverseProxy 8082;
"blahaj.protogen.io" = mkReverseProxy 8086;
"paper.protogen.io" = mkReverseProxy config.services.paperless.port;
# octoprint (proxy_addr is 10.10.1.8)
"print.protogen.io" = lib.mkMerge [
(mkProxy {
authelia = true;
upstream = "http://10.10.1.8:80";
})
{
locations."/webcam" = {
proxyPass = "http://10.10.1.8:80$request_uri";
proxyWebsockets = true;
basicAuthFile = config.age.secrets.htpasswd-cam.path;
authelia.method = null;
};
}
];
# searx auth 8088 (none for /favicon.ico, /autocompleter, /opensearch.xml)
"search.protogen.io".locations."/".return = "302 https://searx.protogen.io$request_uri";
"searx.protogen.io" = let
port = 8088;
in
mkProxy {
authelia = true;
inherit port;
extraConfig = {
locations = lib.genAttrs ["/favicon.ico" "/autocompleter" "/opensearch.xml"] (attr: {
proxyPass = "http://localhost:${builtins.toString port}";
proxyWebsockets = true;
authelia.method = null;
extraConfig = ''
auth_basic off;
'';
});
};
};
# URL shortener
"nbt.sh" = mkProxy {
port = 8090;
extraConfig.serverAliases = ["proot.link"];
};
"admin.nbt.sh" = mkProxy {
authelia = true;
port = 8091;
extraConfig.serverAliases = ["admin.proot.link"];
};
# uptime
"uptime.protogen.io" = mkReverseProxy 3001;
"kuma.protogen.io".locations."/".return = "301 https://uptime.protogen.io";
"anki.protogen.io" = mkReverseProxy config.services.anki-sync-server.port;
# homepage
"home.protogen.io" = mkAuthProxy 8089;
"lounge.protogen.io" = mkAuthProxy 9000;
"trackmap.protogen.io" = let
root = pkgs.modpacks.notlite-ctm-static;
in {
useACMEHost = "protogen.io";
forceSSL = true;
authelia.instance = "main";
locations."/" = {
inherit root;
extraConfig = ''
autoindex off;
'';
};
locations."/api/" = {
proxyPass = "http://10.10.0.3:3876";
proxyWebsockets = true;
extraConfig = ''
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
'';
};
};
# main site
"protogen.io" = {
serverAliases = ["x.protogen.io"];
useACMEHost = "protogen.io";
forceSSL = true;
locations."/" = {
root = "/srv/http";
extraConfig = ''
autoindex on;
'';
};
};
# fallback for known hosts
"nullbite.com" = {
forceSSL = true;
useACMEHost = "protogen.io";
locations."/" = {
return = "302 https://protogen.io$request_uri";
};
serverAliases = ["www.nullbite.com" "nullbite.dev" "www.nullbite.dev" "www.protogen.io" "nullbite.xyz" "www.nullbite.xyz"];
};
# show blank page for unknown hosts
"localhost" = {
default = true;
addSSL = true;
useACMEHost = "protogen.io";
locations."/" = {
return = "404";
};
locations."/api/" = {
proxyPass = "http://10.10.0.3:3876";
proxyWebsockets = true;
extraConfig = ''
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
'';
};
};
# main site
"protogen.io" = {
serverAliases = [ "x.protogen.io" ];
useACMEHost = "protogen.io";
forceSSL = true;
locations."/" = {
root = "/srv/http";
extraConfig = ''
autoindex on;
'';
};
};
# fallback for known hosts
"nullbite.com" = {
forceSSL = true;
useACMEHost = "protogen.io";
locations."/" = {
return = "302 https://protogen.io$request_uri";
};
serverAliases = [ "www.nullbite.com" "nullbite.dev" "www.nullbite.dev" "www.protogen.io" "nullbite.xyz" "www.nullbite.xyz" ];
};
# show blank page for unknown hosts
"localhost" = {
default = true;
addSSL = true;
useACMEHost = "protogen.io";
locations."/" = {
return = "404";
};
};
};
};
# https://gethomepage.dev
services.homepage-dashboard = let
entry = name: value: {"${name}" = value;};
makeBookmark = name: {...} @ attrs: entry name [attrs];
makeBookmark' = name: icon: abbr: href: makeBookmark name ({inherit abbr href;} // lib.optionalAttrs (icon != null) {inherit icon;});
entry = name: value: { "${name}" = value; };
makeBookmark = name: {...}@attrs: entry name [ attrs ];
makeBookmark' = name: icon: abbr: href: makeBookmark name ({ inherit abbr href; } // lib.optionalAttrs (icon != null) { inherit icon; });
in {
enable = true;
listenPort = 8089;
@ -404,12 +369,10 @@ in {
];
services = let
service = name: subdomain: icon: {...} @ attrs:
entry name ({
href = "https://${subdomain}.protogen.io";
inherit icon;
}
// attrs);
service = name: subdomain: icon: {...}@attrs: entry name ({
href = "https://${subdomain}.protogen.io";
inherit icon;
} // attrs);
basicService = name: subdomain: icon: service name subdomain icon {};
in [
(entry "unsorted" [
@ -426,17 +389,13 @@ in {
(basicService "SearXNG" "searx" "searxng")
(basicService "TheLounge" "lounge" "thelounge")
(basicService "Paperless" "paper" "paperless-ngx")
(entry "Shlink" {
href = "https://admin.nbt.sh";
icon = "shlink";
})
(entry "Shlink" { href = "https://admin.nbt.sh"; icon = "shlink"; })
(basicService "Create Track Map" "trackmap" "")
((x:
service x x x {
widget = {
};
}) "changedetection")
((x: service x x x {
widget = {
};
}) "changedetection")
(service "Uptime Kuma" "uptime" "uptime-kuma" {
widget = {
@ -484,7 +443,7 @@ in {
};
# needed for mDNS in Home Assistant
networking.firewall.allowedUDPPorts = [5353];
networking.firewall.allowedUDPPorts = [ 5353 ];
systemd.services.redlib.environment = {
REDLIB_DEFAULT_SUBSCRIPTIONS = lib.pipe ./reddit-subscriptions.txt [
@ -529,12 +488,13 @@ in {
PAPERLESS_URL = "https://paper.protogen.io";
PAPERLESS_TIKA_ENABLED = true;
PAPERLESS_TIKA_ENDPOINT = "http://localhost:${toString config.services.tika.port}";
PAPERLESS_TIKA_GOTENBERG_ENDPOINT = "http://localhost:${toString config.services.gotenberg.port}";
PAPERLESS_TIKA_GOTENBERG_ENDPOINT =
"http://localhost:${toString config.services.gotenberg.port}";
};
};
users.users."${config.services.paperless.user}".extraGroups = let
name = config.services.redis.servers.paperless.group;
in [name];
in [ name ];
services.gotenberg = {
enable = true;

62
hosts/slab/configuration.nix
View File

@ -1,22 +1,20 @@
# vim: set ts=2 sw=2 et foldmethod=marker:
# vim: set ts=2 sw=2 et foldmethod=marker:
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
lib,
pkgs,
vars,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../system # nixfiles modules
./nvidia-optimus.nix
./supergfxd.nix
];
{ config, lib, pkgs, vars, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
../../system # nixfiles modules
./nvidia-optimus.nix
./supergfxd.nix
];
config = {
# nix.settings.experimental-features = ["nix-command" "flakes" ];
@ -28,24 +26,18 @@
device = "/dev/disk/by-uuid/028A49020517BEA9";
};
"/.btrfsroot" = {
options = ["subvol=/"];
options = [ "subvol=/" ];
};
}
# Lanzaboote workaround (nix-community/lanzaboote#173)
(lib.mkIf config.boot.lanzaboote.enable {
"/efi/EFI/Linux" = {
device = "/boot/EFI/Linux";
options = ["bind"];
};
"/efi/EFI/nixos" = {
device = "/boot/EFI/nixos";
options = ["bind"];
};
"/efi/EFI/Linux" = { device = "/boot/EFI/Linux"; options = [ "bind" ]; };
"/efi/EFI/nixos" = { device = "/boot/EFI/nixos"; options = [ "bind" ]; };
})
(lib.genAttrs ["/.btrfsroot" "/" "/home" "/nix"] (fs: {
options = ["compress=zstd"];
(lib.genAttrs [ "/.btrfsroot" "/" "/home" "/nix" ] ( fs: {
options = [ "compress=zstd" ];
}))
];
@ -59,7 +51,7 @@
# };
specialisation.hyprland.configuration = {
system.nixos.tags = ["Hyprland"];
system.nixos.tags = [ "Hyprland" ];
nixfiles.session = "hyprland";
};
@ -99,20 +91,21 @@
};
};
networking.hostName = "slab";
boot.initrd.systemd.enable = true;
boot.plymouth.enable = true;
boot.kernelParams = ["quiet"];
boot.kernelParams = [ "quiet" ];
# annoying ACPI bug
boot.consoleLogLevel = 2;
# cryptsetup
boot.initrd.luks.devices = {
lvmroot = {
device = "/dev/disk/by-uuid/2872c0f0-e544-45f0-9b6c-ea022af7805a";
device="/dev/disk/by-uuid/2872c0f0-e544-45f0-9b6c-ea022af7805a";
allowDiscards = true;
fallbackToPassword = lib.mkIf (!config.boot.initrd.systemd.enable) true;
preLVM = true;
@ -145,7 +138,7 @@
};
# GPS data from my phone
services.gpsd.devices = lib.mkIf config.nixfiles.hardware.gps.enable ["tcp://pixel.magpie-moth.ts.net:6000"];
services.gpsd.devices = lib.mkIf config.nixfiles.hardware.gps.enable [ "tcp://pixel.magpie-moth.ts.net:6000" ];
# systemd power/suspend configuration
systemd.targets = lib.genAttrs ["suspend" "hybrid-sleep" "suspend-then-hibernate"] (_: {
@ -171,6 +164,7 @@
# boot.loader.efi.canTouchEfiVariables = true;
# see custom-hardware-configuration.nix
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
@ -201,8 +195,10 @@
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Enable flatpak
# services.flatpak.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
@ -222,6 +218,7 @@
# pulse.enable = true;
# jack.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
@ -247,6 +244,7 @@
# shell = pkgs.zsh;
# };
# shell config
# programs.zsh.enable = true;
# programs.fzf = {
@ -298,7 +296,7 @@
# }}}
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [22];
networking.firewall.allowedTCPPorts = [ 22 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
@ -315,5 +313,7 @@
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
};
}

86
hosts/slab/hardware-configuration.nix
View File

@ -1,59 +1,55 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "sdhci_pci"];
boot.initrd.kernelModules = ["dm-snapshot" "amdgpu"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = ["subvol=nixos/@"];
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = [ "subvol=nixos/@" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = ["subvol=nixos/@nix"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = [ "subvol=nixos/@nix" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = ["subvol=@home"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/50D3-45F0";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/50D3-45F0";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/efi" = {
device = "/dev/disk/by-uuid/4E1B-8BEE";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
fileSystems."/efi" =
{ device = "/dev/disk/by-uuid/4E1B-8BEE";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [
{device = "/dev/disk/by-uuid/9360890a-4050-4326-bf5f-8fa2bdc6744a";}
];
fileSystems."/.btrfsroot" = {
device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/9360890a-4050-4326-bf5f-8fa2bdc6744a"; }
];
fileSystems."/.btrfsroot" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

13
hosts/slab/home.nix
View File

@ -1,10 +1,5 @@
{ lib, pkgs, osConfig, config, ... }:
{
lib,
pkgs,
osConfig,
config,
...
}: {
imports = [
../../home
];
@ -14,7 +9,7 @@
profile.base.enable = true;
common.wm.keybinds = {
Launch1 = "playerctl play-pause"; # ROG key
Launch1="playerctl play-pause"; # ROG key
# Launch3="true"; # AURA fn key
# Launch4="true"; # fan control fn key
};
@ -22,8 +17,8 @@
home.stateVersion = "23.11";
# TODO mkif stylix.enable; danth/stylix#216
home.pointerCursor = lib.mkIf (config.nixfiles.theming.enable && !config.stylix.enable) {size = 32;};
stylix.cursor = lib.mkIf config.stylix.enable {size = 32;};
home.pointerCursor = lib.mkIf (config.nixfiles.theming.enable && !config.stylix.enable) { size = 32; };
stylix.cursor = { size = 32; };
nixfiles.theming.catppuccin.themeDPI = "hdpi";

19
hosts/slab/nvidia-optimus.nix
View File

@ -1,13 +1,11 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
services.supergfxd.enable = true;
specialisation = {
nvidia.configuration = {
system.nixos.tags = ["NVIDIA"];
system.nixos.tags = [ "NVIDIA" ];
nixfiles.supergfxd.profile = "Hybrid";
@ -17,9 +15,9 @@
hardware.nvidia = {
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
@ -32,8 +30,7 @@
package = let
stable = config.boot.kernelPackages.nvidiaPackages.stable;
version = stable;
in
version;
in version;
prime = {
offload = {

14
hosts/slab/supergfxd.nix
View File

@ -1,10 +1,5 @@
{
pkgs,
lib,
config,
options,
...
} @ args: let
{ pkgs, lib, config, options, ... }@args:
let
gfx = {
Integrated = {
supergfxd = pkgs.writeText "supergfxd-integrated" ''
@ -74,8 +69,7 @@
isKeyInAttrset = let
getKeys = attrset: lib.mapAttrsToList (name: _: name) attrset;
isInList = key: list: lib.any (x: x == key) list;
in
key: attrset: isInList key (getKeys attrset);
in key: attrset: isInList key (getKeys attrset);
inherit (lib) mkIf mkOption types;
in {
@ -89,7 +83,7 @@ in {
};
config = {
environment.etc = mkIf (!(builtins.isNull cfg.profile)) {
environment.etc = mkIf (!(builtins.isNull cfg.profile)) {
# TODO actually configure the system settings here
"supergfxd.conf" = {
source = gfx.${cfg.profile}.supergfxd;

4
lib/nixfiles/flake-legacy.nix
View File

@ -68,8 +68,8 @@ in rec {
];
home-manager = {
useGlobalPkgs = lib.mkDefault false;
useUserPackages = lib.mkDefault true;
useGlobalPkgs = true;
useUserPackages = true;
backupFileExtension = "hm.bak";
inherit users;
extraSpecialArgs = {

102
lib/nixfiles/minecraft.nix
View File

@ -1,19 +1,14 @@
{pkgs, ...}: let
{ pkgs, ... }:
let
inherit (pkgs) lib;
in {
mkServer = {
modpack ? null,
modpackSymlinks ? [],
modpackFiles ? [],
jvmOpts ? null,
...
} @ opts: let
in
{
mkServer = { modpack ? null, modpackSymlinks ? [], modpackFiles ? [], jvmOpts ? null, ...}@opts: let
# log4j exploit is bad and scary and i have no idea if this is still needed
# but it's best to be on the safe side
jvmOptsPatched = let
requiredJvmOpts = "-Dlog4j2.formatMsgNoLookups=true";
in
if (!(builtins.isNull jvmOpts))
in if (!(builtins.isNull jvmOpts))
then requiredJvmOpts + " " + jvmOpts
else requiredJvmOpts;
@ -22,58 +17,51 @@ in {
serverPackage = let
mcVersion = modpack.manifest.versions.minecraft;
fixedVersion = lib.replaceStrings ["."] ["_"] mcVersion;
fixedVersion = lib.replaceStrings [ "." ] [ "_" ] mcVersion;
quiltVersion = modpack.manifest.versions.quilt or null;
fabricVersion = modpack.manifest.versions.fabric or null;
loader =
if (!(builtins.isNull quiltVersion))
then "quilt"
else "fabric";
loaderVersion =
if loader == "quilt"
then quiltVersion
else fabricVersion;
in
pkgs.minecraftServers."${loader}-${fixedVersion}".override {inherit loaderVersion;};
in
lib.mkMerge [
(lib.mkIf (!(builtins.isNull modpack)) {
inherit symlinks files;
package = lib.mkDefault serverPackage;
})
{
autoStart = lib.mkDefault true;
jvmOpts = jvmOptsPatched;
whitelist = lib.mkDefault {
NullBite = "e24e8e0e-7540-4126-b737-90043155bcd4";
Silveere = "468554f1-27cd-4ea1-9308-3dd14a9b1a12";
YzumThreeEye = "3dad78e8-6979-404f-820e-952ce20964a0";
};
serverProperties = {
# allows no chat reports to run
enforce-secure-profile = lib.mkDefault false;
loader = if (!(builtins.isNull quiltVersion)) then "quilt" else "fabric";
loaderVersion = if loader == "quilt" then quiltVersion else fabricVersion;
in pkgs.minecraftServers."${loader}-${fixedVersion}".override { inherit loaderVersion; };
# whitelist
white-list = lib.mkDefault true;
enforce-whitelist = lib.mkDefault true;
in lib.mkMerge [
(lib.mkIf (!(builtins.isNull modpack)) {
inherit symlinks files;
package = lib.mkDefault serverPackage;
})
{
autoStart = lib.mkDefault true;
jvmOpts = jvmOptsPatched;
whitelist = lib.mkDefault {
NullBite = "e24e8e0e-7540-4126-b737-90043155bcd4";
Silveere = "468554f1-27cd-4ea1-9308-3dd14a9b1a12";
YzumThreeEye = "3dad78e8-6979-404f-820e-952ce20964a0";
};
serverProperties = {
# allows no chat reports to run
enforce-secure-profile = lib.mkDefault false;
motd = lib.mkDefault "owo what's this (nix preset edition)";
enable-rcon = lib.mkDefault false;
# whitelist
white-list = lib.mkDefault true;
enforce-whitelist = lib.mkDefault true;
# btrfs performance fix
sync-chunk-writes = lib.mkDefault false;
motd = lib.mkDefault "owo what's this (nix preset edition)";
enable-rcon = lib.mkDefault false;
# this helps with some mod support. disable it on public servers.
allow-flight = lib.mkDefault true;
# btrfs performance fix
sync-chunk-writes = lib.mkDefault false;
# no telemetry
snooper-enabled = lib.mkDefault false;
# this helps with some mod support. disable it on public servers.
allow-flight = lib.mkDefault true;
# other preferred settings
pvp = lib.mkDefault true;
difficulty = lib.mkDefault "hard";
};
}
(builtins.removeAttrs opts ["modpack" "modpackSymlinks" "modpackFiles" "jvmOpts"])
];
# no telemetry
snooper-enabled = lib.mkDefault false;
# other preferred settings
pvp = lib.mkDefault true;
difficulty = lib.mkDefault "hard";
};
}
(builtins.removeAttrs opts [ "modpack" "modpackSymlinks" "modpackFiles" "jvmOpts" ])
];
}

3
modules/home-manager/default.nix
View File

@ -1 +1,2 @@
_: {}
_:
{}

3
modules/nixos/default.nix
View File

@ -1,2 +1,3 @@
{...} @ moduleInputs: {
{...}@moduleInputs:
{
}

92
overlays/backports.nix
View File

@ -1,68 +1,42 @@
{
config,
lib,
self,
inputs,
...
}: let
# TODO legacy refactor
# not high priority, this still works well for this overlay.
nixfiles = self;
overlay = final: prev: let
pkgs-unstable = import nixfiles.inputs.nixpkgs-unstable {
config.allowUnfree = true;
inherit (final) system;
};
inherit (final) callPackage kdePackages lib;
nixfiles: final: prev:
let
pkgs-unstable = import nixfiles.inputs.nixpkgs-unstable { config.allowUnfree = true; inherit (final) system; };
inherit (final) callPackage kdePackages lib;
backport = let
_callPackage = callPackage;
in
{
pkgname,
backport = let
_callPackage = callPackage;
in { pkgname,
callPackage ? _callPackage,
new ? pkgs-unstable,
override ? {},
}: let
inherit (lib) getAttrFromPath;
inherit (builtins) getAttr isString;
override ? {} } : let
inherit (lib) getAttrFromPath;
inherit (builtins) getAttr isString;
getAttr' = name: attrs:
if isString pkgname
then getAttr name attrs
else getAttrFromPath name attrs;
oldPkg = getAttr' pkgname prev;
newPkg = getAttr' pkgname pkgs-unstable;
in
if oldPkg.version == newPkg.version
then oldPkg
else (callPackage newPkg.override) override;
getAttr' = name: attrs: if isString pkgname then getAttr name attrs else getAttrFromPath name attrs;
oldPkg = getAttr' pkgname prev;
newPkg = getAttr' pkgname pkgs-unstable;
in if oldPkg.version == newPkg.version
then oldPkg
else (callPackage newPkg.override) override;
backport' = pkgname: backport {inherit pkgname;};
backport' = pkgname: backport { inherit pkgname; };
# defined locally to not pull in perl from unstable
stripJavaArchivesHook =
final.makeSetupHook {
name = "strip-java-archives-hook";
propagatedBuildInputs = [final.strip-nondeterminism];
}
./strip-java-archives.sh;
in {
vesktop = backport' "vesktop";
obsidian = backport {
pkgname = "obsidian";
override.electron = final.electron_28;
};
prismlauncher-unwrapped = backport {
pkgname = "prismlauncher-unwrapped";
inherit (kdePackages) callPackage;
override = {
# apple something idk why the package doesn't just ask for darwin and get it itself
# maybe i should make a pull request that changes the params to `darwin, Cocoa ? darwin.apple_sdk.frameworks.Cocoa`
inherit (final.darwin.apple_sdk.frameworks) Cocoa;
};
# defined locally to not pull in perl from unstable
stripJavaArchivesHook = final.makeSetupHook {
name = "strip-java-archives-hook";
propagatedBuildInputs = [ final.strip-nondeterminism ];
} ./strip-java-archives.sh;
in {
vesktop = backport' "vesktop";
obsidian = backport { pkgname="obsidian"; override.electron = final.electron_28; };
prismlauncher-unwrapped = backport {
pkgname = "prismlauncher-unwrapped";
inherit (kdePackages) callPackage;
override = {
# apple something idk why the package doesn't just ask for darwin and get it itself
# maybe i should make a pull request that changes the params to `darwin, Cocoa ? darwin.apple_sdk.frameworks.Cocoa`
inherit (final.darwin.apple_sdk.frameworks) Cocoa;
};
};
in {
config.flake.overlays.backports = overlay;
}

32
overlays/default.nix
View File

@ -1,21 +1,17 @@
{
config,
lib,
...
}: let
nixfiles:
let
inherit (nixfiles.inputs.nixpkgs) lib;
# this name is awful. maybe i don't know anything about functional
# programming or something, but the naming isn't very self explanatory
# - why is it "compose" instead of "combine"
# - why is it "extensions" instead of "overlays"
inherit (lib) composeManyExtensions;
cfg = config.flake.overlays;
in {
imports = [
./mitigations.nix
./backports.nix
./modpacks.nix
in rec {
backports = import ./backports.nix nixfiles;
mitigations = import ./mitigations.nix nixfiles;
modpacks = import ./modpacks.nix nixfiles;
default = composeManyExtensions [
backports
mitigations
];
config.flake.overlays = {
default = with cfg;
composeManyExtensions [
backports
mitigations
];
};
}

172
overlays/mitigations.nix
View File

@ -1,142 +1,50 @@
{
config,
lib,
self,
inputs,
...
}: let
# TODO legacy refactor
# not high priority, this still works well for this overlay.
nixfiles = self;
overlay = final: prev: let
pkgsStable = import nixfiles.inputs.nixpkgs.outPath {
inherit (prev) system;
config.allowUnfree = true;
};
updateTime = nixfiles.inputs.nixpkgs-unstable.lastModified;
nixfiles: final: prev:
let
pkgsStable = import nixfiles.inputs.nixpkgs.outPath { inherit (prev) system; };
updateTime = nixfiles.inputs.nixpkgs-unstable.lastModified;
inherit (final) callPackage fetchFromGitHub;
inherit
(lib)
recurseIntoAttrs
optionalAttrs
versionOlder
versionAtLeast
;
inherit (final) lib callPackage fetchFromGitHub;
inherit (lib) recurseIntoAttrs optionalAttrs
versionOlder versionAtLeast;
pkgsFromFlake = flake: (import flake.outPath) {inherit (prev) system;};
pkgsFromInput = name: pkgsFromFlake nixfiles.inputs.${name};
pickFixed = ours: theirs:
if versionAtLeast ours.version theirs.version
then ours
else theirs;
pickNewer = ours: theirs:
if versionOlder theirs.version ours.version
then ours
else theirs;
pkgsFromFlake = flake: (import flake.outPath) { inherit (prev) system; };
pkgsFromInput = name: pkgsFromFlake nixfiles.inputs.${name};
pickFixed = ours: theirs: if versionAtLeast ours.version theirs.version then ours else theirs;
pickNewer = ours: theirs: if versionOlder theirs.version ours.version then ours else theirs;
hold = now: days: ours: theirs: let
hold = now: days: ours: theirs: let
seconds = days * 24 * 60 * 60;
endTimestamp = now + seconds;
in
if now < endTimestamp
then ours
else theirs;
in if now < endTimestamp then ours else theirs;
optionalPkg = cond: val:
if cond
then val
else null;
optionalPkg = cond: val: if cond then val else null;
gimp-with-plugins-good = let
badPlugins = ["gap"];
itemInList = list: item: lib.any (x: x == item) list;
pluginFilter = name: value: (value.type or null == "derivation") && (!(itemInList badPlugins name)) && (!value.meta.broken);
filteredPlugins = lib.filterAttrs pluginFilter prev.gimpPlugins;
plugins = lib.mapAttrsToList (_: v: v) filteredPlugins;
in
prev.gimp-with-plugins.override {inherit plugins;};
# this also causes an infinite recursion and i have no idea why
# in nixfiles.inputs.nixpkgs.lib.filterAttrs (k: v: v != null) {
in
{
nix-du = let
old = prev.nix-du;
new = (pkgsFromInput "nixpkgs-nix-du").nix-du;
in
pickNewer old new;
gimp-with-plugins-good = let
badPlugins = [ "gap" ];
itemInList = list: item: lib.any (x: x==item) list;
pluginFilter = name: value: (value.type or null == "derivation") && (!(itemInList badPlugins name)) && (!value.meta.broken);
filteredPlugins = lib.filterAttrs pluginFilter prev.gimpPlugins;
plugins = lib.mapAttrsToList (_: v: v) filteredPlugins;
in prev.gimp-with-plugins.override { inherit plugins; };
gimp-with-plugins = gimp-with-plugins-good;
nwg-displays = let
stable = pkgsStable.nwg-displays;
unstable = prev.nwg-displays;
now = 1739114541;
in
hold now 7 stable unstable;
libreoffice = let
stable = pkgsStable.libreoffice;
unstable = prev.libreoffice;
now = 1739558971;
in
hold now 7 stable unstable;
gotenberg = let
stable = pkgsStable.gotenberg;
unstable = prev.gotenberg;
now = 1745707083;
in
hold now 90 stable unstable;
redlib = let
redlib-new = final.callPackage nixfiles.packages.${prev.system}.redlib.override {};
inherit (prev) redlib;
in
pickNewer redlib-new redlib;
rustdesk-flutter = let
stable = pkgsStable.rustdesk-flutter;
unstable = prev.rustdesk-flutter;
now = 1741899501;
in
hold now 7 stable unstable;
}
// (
lib.genAttrs [
"mopidyPackages"
"mopidy"
"mopidy-bandcamp"
"mopidy-iris"
"mopidy-jellyfin"
"mopidy-local"
"mopidy-moped"
"mopidy-mopify"
"mopidy-mpd"
"mopidy-mpris"
"mopidy-muse"
"mopidy-musicbox-webclient"
"mopidy-notify"
"mopidy-podcast"
"mopidy-scrobbler"
"mopidy-somafm"
"mopidy-soundcloud"
"mopidy-spotify"
"mopidy-subidy"
"mopidy-tidal"
"mopidy-tunein"
"mopidy-youtube"
"mopidy-ytmusic"
] (name: let
pkgs-mopidy = (import inputs.nixpkgs-mopidy) {inherit (prev) system;};
unstable = prev."${name}";
stable = pkgs-mopidy."${name}";
now = 1740786429;
in
# pin for at least 90 days because who knows when this will be fixed
# https://github.com/mopidy/mopidy/issues/2183
hold now 90 stable unstable)
);
# this also causes an infinite recursion and i have no idea why
# in nixfiles.inputs.nixpkgs.lib.filterAttrs (k: v: v != null) {
in {
config.flake.overlays.mitigations = overlay;
nix-du = let
old = prev.nix-du;
new = (pkgsFromInput "nixpkgs-nix-du").nix-du;
in pickNewer old new;
gimp-with-plugins = gimp-with-plugins-good;
nwg-displays = let
stable = pkgsStable.nwg-displays;
unstable = prev.nwg-displays;
now = 1739114541;
in hold now 7 stable unstable;
redlib = let
redlib-new = final.callPackage nixfiles.packages.${prev.system}.redlib.override {};
inherit (prev) redlib;
in pickNewer redlib-new redlib;
}

59
overlays/modpacks.nix
View File

@ -1,40 +1,27 @@
{
config,
lib,
self,
inputs,
...
}: let
# TODO legacy refactor
# not high priority, this still works well for this overlay.
nixfiles = self;
overlay = final: prev: let
inherit (final) lib;
inherit (lib) fakeHash;
notlite = let
commit = "0e42bfbc6189db5848252d7dc7a638103d9d44ee";
packHash = "sha256-X9a7htRhJcSRXu4uDvzSjdjCyWg+x7Dqws9pIlQtl6A=";
in
final.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/notlite/raw/commit/${commit}/pack.toml";
inherit packHash;
};
nixfiles: final: prev:
let
inherit (final) lib;
inherit (lib) fakeHash;
notlite = let
commit = "0e42bfbc6189db5848252d7dc7a638103d9d44ee";
packHash = "sha256-X9a7htRhJcSRXu4uDvzSjdjCyWg+x7Dqws9pIlQtl6A=";
in final.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/notlite/raw/commit/${commit}/pack.toml";
inherit packHash;
};
notlite-ctm-static = final.stdenvNoCC.mkDerivation {
pname = "ctm-static";
version = "0.0.0";
src = final.emptyDirectory;
nativeBuildInputs = [final.unzip];
buildPhase = ''
unzip "${notlite}/mods/create-track-map-*.jar" 'assets/littlechasiu/ctm/static/*'
cp -r assets/littlechasiu/ctm/static/. $out/
'';
};
in {
modpacks = {
inherit notlite notlite-ctm-static;
};
notlite-ctm-static = final.stdenvNoCC.mkDerivation {
pname = "ctm-static";
version = "0.0.0";
src = final.emptyDirectory;
nativeBuildInputs = [ final.unzip ];
buildPhase = ''
unzip "${notlite}/mods/create-track-map-*.jar" 'assets/littlechasiu/ctm/static/*'
cp -r assets/littlechasiu/ctm/static/. $out/
'';
};
in {
config.flake.overlays.modpacks = overlay;
modpacks = {
inherit notlite notlite-ctm-static;
};
}

18
pkgs/apps.nix
View File

@ -1,15 +1,9 @@
{
packages,
system,
...
}: let
_packages = packages;
in let
{ packages, system, ... }:
let _packages = packages; in
let
packages = _packages.${system};
mkApp = program: {
type = "app";
inherit program;
};
in {
mkApp = program: { type = "app"; inherit program; };
in
{
keysetting = mkApp "${packages.wm-helpers}/bin/keysetting";
}

39
pkgs/atool-wrapped/default.nix
View File

@ -1,5 +1,4 @@
{
lib,
{ lib,
atool,
makeBinaryWrapper,
stdenvNoCC,
@ -15,24 +14,24 @@
p7zip,
unrar,
lha,
unfree ? false,
}: let
unfree ? false }:
let
wrappedPath = lib.makeBinPath ([lzip plzip lzop xz zip unzip arj rpm cpio p7zip] ++ lib.optionals unfree [unrar lha]);
in
stdenvNoCC.mkDerivation {
name = "atool-wrapped";
phases = ["installPhase"];
nativeBuildInputs = [makeBinaryWrapper];
src = ./.;
installPhase = ''
# symlinking them doesn't work for some reason so i have to build multiple
for i in atool acat adiff als apack arepack aunpack ; do
makeBinaryWrapper "${atool}/bin/$i" "$out/bin/$i" \
--inherit-argv0 --prefix PATH : "${wrappedPath}"
done
stdenvNoCC.mkDerivation {
name = "atool-wrapped";
phases = [ "installPhase" ];
nativeBuildInputs = [ makeBinaryWrapper ];
src = ./.;
installPhase = ''
# symlinking them doesn't work for some reason so i have to build multiple
for i in atool acat adiff als apack arepack aunpack ; do
makeBinaryWrapper "${atool}/bin/$i" "$out/bin/$i" \
--inherit-argv0 --prefix PATH : "${wrappedPath}"
done
# i have no idea if this is the "right" way to do this
mkdir -p "$out/share"
ln -s "${atool}/share/man" "$out/share/man"
'';
}
# i have no idea if this is the "right" way to do this
mkdir -p "$out/share"
ln -s "${atool}/share/man" "$out/share/man"
'';
}

23
pkgs/cofi/shell.nix
View File

@ -1,15 +1,16 @@
{pkgs ? import <nixpkgs> {}}: let
{ pkgs ? import <nixpkgs> {} }:
let
rofi-dmenu-wrapped = pkgs.writeShellScript "rofi-dmenu" ''
exec "${pkgs.rofi-wayland}/bin/rofi" -dmenu "$@"
'';
in
pkgs.mkShell {
shellHook = ''
export COMMA_PICKER="${rofi-dmenu-wrapped}"
'';
nativeBuildInputs = with pkgs; [
rofi-wayland
libnotify
comma
];
}
pkgs.mkShell {
shellHook = ''
export COMMA_PICKER="${rofi-dmenu-wrapped}"
'';
nativeBuildInputs = with pkgs; [
rofi-wayland
libnotify
comma
];
}

13
pkgs/cross-seed/default.nix
View File

@ -1,17 +1,14 @@
{
lib,
buildNpmPackage,
fetchFromGitHub,
}:
{ lib, buildNpmPackage, fetchFromGitHub }:
buildNpmPackage rec {
pname = "cross-seed";
version = "6.11.2";
version = "6.10.1";
src = fetchFromGitHub {
owner = "cross-seed";
repo = "cross-seed";
rev = "v${version}";
hash = "sha256-m/TlEAW9BFEXOvBixOj09ylgstgHKL48e9zC50fzD5g=";
hash = "sha256-Y8gxjJ5baj6MdxeOTP+y1zCBUus7MR1Idb1TUCIcuh4=";
};
npmDepsHash = "sha256-c8wTvEA7QQb17gBHdBKMUatn8I/wKOhXP1W5ftH3pJc=";
npmDepsHash = "sha256-XaHGzCksa9s3abhc1l577gDEKi+O/P2iE/EN7C1qaKk=";
}

20
pkgs/default.nix
View File

@ -1,15 +1,17 @@
{pkgs, ...}: let
{ pkgs, ... }:
let
inherit (pkgs) callPackage callPackages;
mopidyPackages = callPackages ./mopidy {
python = pkgs.python3;
};
in {
inherit (mopidyPackages) mopidy-autoplay;
google-fonts = callPackage ./google-fonts {};
wm-helpers = callPackage ./wm-helpers {};
atool = callPackage ./atool-wrapped {};
nixfiles-assets = callPackage ./nixfiles-assets {};
redlib = callPackage ./redlib {};
cross-seed = callPackage ./cross-seed {};
in
{
inherit (mopidyPackages) mopidy-autoplay ;
google-fonts = callPackage ./google-fonts { };
wm-helpers = callPackage ./wm-helpers { };
atool = callPackage ./atool-wrapped { };
nixfiles-assets = callPackage ./nixfiles-assets { };
redlib = callPackage ./redlib { };
cross-seed = callPackage ./cross-seed { };
}

48
pkgs/google-fonts/default.nix
View File

@ -1,9 +1,9 @@
{
lib,
stdenvNoCC,
fetchFromGitHub,
fonts ? [],
{ lib
, stdenvNoCC
, fetchFromGitHub
, fonts ? []
}:
stdenvNoCC.mkDerivation {
pname = "google-fonts";
version = "unstable-2023-10-20";
@ -11,7 +11,7 @@ stdenvNoCC.mkDerivation {
# Adobe Blank is split out in a separate output,
# because it causes crashes with `libfontconfig`.
# It has an absurd number of symbols
outputs = ["out" "adobeBlank"];
outputs = [ "out" "adobeBlank" ];
src = fetchFromGitHub {
owner = "google";
@ -45,32 +45,26 @@ stdenvNoCC.mkDerivation {
# FamilyName.ttf. This installs all fonts if fonts is empty and otherwise
# only the specified fonts by FamilyName.
fonts = map (font: builtins.replaceStrings [" "] [""] font) fonts;
installPhase =
''
adobeBlankDest=$adobeBlank/share/fonts/truetype
install -m 444 -Dt $adobeBlankDest ofl/adobeblank/AdobeBlank-Regular.ttf
rm -r ofl/adobeblank
dest=$out/share/fonts/truetype
''
+ (
if fonts == []
then ''
find . -name '*.ttf' -exec install -m 444 -Dt $dest '{}' +
''
else ''
for font in $fonts; do
find . \( -name "$font-*.ttf" -o -name "$font[*.ttf" -o -name "$font.ttf" \) -exec install -m 444 -Dt $dest '{}' +
done
''
);
installPhase = ''
adobeBlankDest=$adobeBlank/share/fonts/truetype
install -m 444 -Dt $adobeBlankDest ofl/adobeblank/AdobeBlank-Regular.ttf
rm -r ofl/adobeblank
dest=$out/share/fonts/truetype
'' + (if fonts == [] then ''
find . -name '*.ttf' -exec install -m 444 -Dt $dest '{}' +
'' else ''
for font in $fonts; do
find . \( -name "$font-*.ttf" -o -name "$font[*.ttf" -o -name "$font.ttf" \) -exec install -m 444 -Dt $dest '{}' +
done
'');
meta = with lib; {
homepage = "https://fonts.google.com";
description = "Font files available from Google Fonts";
license = with licenses; [asl20 ofl ufl];
license = with licenses; [ asl20 ofl ufl ];
platforms = platforms.all;
hydraPlatforms = [];
maintainers = with maintainers; [manveru];
sourceProvenance = [sourceTypes.binaryBytecode];
maintainers = with maintainers; [ manveru ];
sourceProvenance = [ sourceTypes.binaryBytecode ];
};
}

51
pkgs/legacy-module.nix
View File

@ -1,51 +0,0 @@
{
inputs,
self,
config,
lib,
options,
...
}: let
cfg = config.nixfiles.outputs.packages;
inherit (lib) mapAttrs mkEnableOption mkIf;
in {
options.nixfiles.outputs.packages = {
enable =
mkEnableOption ""
// {
description = ''
Whether to generate the packages output.
'';
default = true;
};
};
config = mkIf cfg.enable {
perSystem = {
system,
inputs',
self',
pkgs,
...
}: {
packages = let
inherit (pkgs) callPackage callPackages;
# i forget how this works so i'm not messing with it.
mopidyPackages = callPackages ./mopidy {
python = pkgs.python3;
};
in
(mapAttrs (_: v: callPackage v {}) {
google-fonts = ./google-fonts;
wm-helpers = ./wm-helpers;
atool = ./atool-wrapped;
nixfiles-assets = ./nixfiles-assets;
redlib = ./redlib;
cross-seed = ./cross-seed;
})
// {
inherit (mopidyPackages) mopidy-autoplay;
};
};
};
}

61
pkgs/lucem/default.nix
View File

@ -1,61 +0,0 @@
{
lib,
buildNimPackage,
curl,
gtk4,
libadwaita,
pkg-config,
openssl,
xorg,
libxkbcommon,
libGL,
wayland,
wayland-protocols,
wayland-scanner,
fetchFromGitHub,
}:
buildNimPackage (finalAttrs: {
pname = "lucem";
version = "2.1.2";
src = fetchFromGitHub {
owner = "xTrayambak";
repo = "lucem";
tag = finalAttrs.version;
hash = "sha256-9i7YMXG6hXMcQmVdPYX+YxrtQPHZE1RZb+gv5dGEff8=";
};
patches = [
./lucem-disable-auto-updater.patch
];
lockFile = ./lock.json;
buildInputs = [
gtk4.dev
libadwaita.dev
openssl.dev
curl.dev
xorg.libX11
xorg.libXcursor.dev
xorg.libXrender
xorg.libXext
libxkbcommon.dev
libGL.dev
wayland.dev
wayland-protocols
wayland-scanner.dev
];
nativeBuildInputs = [
pkg-config
];
# env.LD_LIBRARY_PATH = lib.makeLibraryPath [
# gtk4.dev
# libadwaita.dev
# pkg-config
# curl.dev
# openssl.dev
# wayland.dev
# ];
})

291
pkgs/lucem/lock.json
View File

@ -1,291 +0,0 @@
{
"depends": [
{
"method": "fetchzip",
"path": "/nix/store/n3pckbrnpfnlcm7n0c5i75lgl47ghgha-source",
"rev": "d9ee0328d5cec8fd216d3ce8676cebf1976e9272",
"sha256": "02wq4wad7r517rls5n1i9gww9a138a20kiy3d2ax723s3h6s0srg",
"url": "https://github.com/4zv4l/colored_logger/archive/d9ee0328d5cec8fd216d3ce8676cebf1976e9272.tar.gz",
"ref": "HEAD",
"packages": [
"colored_logger"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/bzcq8q439rdsqhhihikzv3rsx4l4ybdm-source",
"rev": "ea811bec7fa50f5abd3088ba94cda74285e93f18",
"sha256": "1720iqsxjhqmhw1zhhs7d2ncdz25r8fqadls1p1iry1wfikjlnba",
"url": "https://github.com/treeform/jsony/archive/ea811bec7fa50f5abd3088ba94cda74285e93f18.tar.gz",
"ref": "1.1.5",
"packages": [
"jsony"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/f3ghbm17akdg7dj5sarr616hvma09dr5-source",
"rev": "fea85b27f0badcf617033ca1bc05444b5fd8aa7a",
"sha256": "1m96c3k83sj1z2vgjp55fplzf0kym6hhhym4ywydjl9x4zw1a5la",
"url": "https://github.com/status-im/nim-toml-serialization/archive/fea85b27f0badcf617033ca1bc05444b5fd8aa7a.tar.gz",
"ref": "HEAD",
"packages": [
"toml_serialization"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/idsbhi7xb4dmfqbmbl5dq47qh2vs6mjj-source",
"rev": "9e770046c5cdf23d395d6b21c4657345481b1c76",
"sha256": "1li0r6ng3ynzh5qb12qs6czmaaay7gw45khs2niz291nia6navl1",
"url": "https://github.com/treeform/pretty/archive/9e770046c5cdf23d395d6b21c4657345481b1c76.tar.gz",
"ref": "0.2.0",
"packages": [
"pretty"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/ax2p5d7wz6ipj0y2zpd9rckzzj7a6f0q-source",
"rev": "861092dc931e754650a735af590fbc34becc3942",
"sha256": "100vxxdpzayj44syfkwn5nrpk5189qiky43xh7w3k908yxrq0jbj",
"url": "https://github.com/can-lehmann/owlkettle/archive/861092dc931e754650a735af590fbc34becc3942.tar.gz",
"ref": "v3.0.0",
"packages": [
"owlkettle"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/y4f3wxlh76h10kflz7vqmkd4vniqp6kw-source",
"rev": "309d6ed8164ad184ed5bbb171c9f3d9d1c11ff81",
"sha256": "0b7givvg0lij4qkv8xpisp0ahcadggavpb85jds5z5k19palh74c",
"url": "https://github.com/nimgl/nimgl/archive/309d6ed8164ad184ed5bbb171c9f3d9d1c11ff81.tar.gz",
"ref": "1.3.2",
"packages": [
"nimgl"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/nqnhn3vpi49aj4pn722c1qpinnzq056b-source",
"rev": "7b4266458b7435349b28a4468e0af58f1674b198",
"sha256": "12j4rzlxpibxy2jfah21qj1lf63rbkkki971y5i52dmnp84bhjzp",
"url": "https://github.com/treeform/netty/archive/7b4266458b7435349b28a4468e0af58f1674b198.tar.gz",
"ref": "0.2.1",
"packages": [
"netty"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/cbzq2fmn5582kqx3w9ima7ll4x19cmx1-source",
"rev": "a0f42baacbc48f4e5924b18854c0df9dcc251466",
"sha256": "0033kxrh8s3wmmh5ky6vlbjk2mq3c3vy0syvl5rwah2zmg0k6wzf",
"url": "https://github.com/guzba/curly/archive/a0f42baacbc48f4e5924b18854c0df9dcc251466.tar.gz",
"ref": "1.1.1",
"packages": [
"curly"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/nzqdyy9q0q0rrlpmjmihrq084nyskidd-source",
"rev": "44dc097236de00c09ffed13d4e4aeaff1473870e",
"sha256": "0m7bdiz3dnmdb5cc8k4sksmb71mlg1n75582zv5hhvp2jsj9sxsa",
"url": "https://github.com/johnnovak/nim-nanovg/archive/44dc097236de00c09ffed13d4e4aeaff1473870e.tar.gz",
"ref": "v0.4.0",
"packages": [
"nanovg"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/85w9njq4kkp7cjhz40bmmksiv0053p50-source",
"rev": "9ce9aa3efa84f55bbf3d29ef0517b2411d08a357",
"sha256": "1lm4iynl0c8hzizwc723b29ss6cw78hhr6k62a7x7ddycmxyxsnm",
"url": "https://github.com/levovix0/siwin/archive/9ce9aa3efa84f55bbf3d29ef0517b2411d08a357.tar.gz",
"packages": [
"siwin"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/dvv6cgzl9xmax5rmjxnp5wrr08ibvjaw-source",
"rev": "8e2e098f82dc5eefd874488c37b5830233cd18f4",
"sha256": "01csz5bl4jiv7jx76k7izgknl7k73y2i9hd9s6brlhfqhq7cqxmz",
"url": "https://github.com/nim-lang/opengl/archive/8e2e098f82dc5eefd874488c37b5830233cd18f4.tar.gz",
"ref": "1.2.9",
"packages": [
"opengl"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/h98460b96pynrpwxawaq21w6rjhamlvi-source",
"rev": "ec7732a4810441a937fe3059494ba338090c4957",
"sha256": "0dw33jprxrc23bj0b6ypbg6n940nzxlrxa57df88q4ly1xvi6w1h",
"url": "https://github.com/euantorano/semver.nim/archive/ec7732a4810441a937fe3059494ba338090c4957.tar.gz",
"ref": "v1.2.3",
"packages": [
"semver"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/d6c7dvmzzvc1ja7kf65jbclbjv74zll7-source",
"rev": "2086c99608b4bf472e1ef5fe063710f280243396",
"sha256": "1m7c9bvxarw167kd5mpfnddzydji03azhz347hvad592qfw4vwrc",
"url": "https://github.com/status-im/nim-serialization/archive/2086c99608b4bf472e1ef5fe063710f280243396.tar.gz",
"ref": "v0.2.6",
"packages": [
"serialization"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/a5kmnnbk27rxk9vsx1vchiiq9znkpijf-source",
"rev": "79e4fa5a9d3374db17ed63622714d3e1094c7f34",
"sha256": "0x92sgnxczwx5ak067d6169j9qm0cdpbrcpp1ijrzgyfgknpyq0r",
"url": "https://github.com/status-im/nim-stew/archive/79e4fa5a9d3374db17ed63622714d3e1094c7f34.tar.gz",
"ref": "v0.2.0",
"packages": [
"stew"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/vx0a8hw7hs5an0dnbrn6l16bd6is7hdr-source",
"rev": "07f6ba8ab96238e5bd1264cf0cea1d1746abb00c",
"sha256": "005nrldaasfl09zdsni1vi8s7dk0y85ijv6rm2wpj94435x66s36",
"url": "https://github.com/treeform/flatty/archive/07f6ba8ab96238e5bd1264cf0cea1d1746abb00c.tar.gz",
"ref": "0.3.4",
"packages": [
"flatty"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/bqmdy8vic5wfvpc9hqp4rfrhjlxz4d7c-source",
"rev": "45b2b0bb753fe2376a205a183b2b3f291e19ba14",
"sha256": "1yz1lcclmhvji34ccymglzg535b3xfz0x4m12n3n22cxz156j63x",
"url": "https://github.com/Araq/libcurl/archive/45b2b0bb753fe2376a205a183b2b3f291e19ba14.tar.gz",
"ref": "v1.0.0",
"packages": [
"libcurl"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/zcd2hmjxlkp1bpb7c9xrpg153ssj3w0b-source",
"rev": "a99f6a7d8a8e3e0213b3cad0daf0ea974bf58e3f",
"sha256": "16qdnyql8d7nm7nwwpq0maflm3p6cpbb2jfaqx6xkld9xkc9lsbv",
"url": "https://github.com/guzba/zippy/archive/a99f6a7d8a8e3e0213b3cad0daf0ea974bf58e3f.tar.gz",
"ref": "0.10.16",
"packages": [
"zippy"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/4q986rlniaxascxkvx4q8rsx12frjd51-source",
"rev": "325d6ade0970562bee7d7d53961a2c3287f0c4bc",
"sha256": "0qa8hzvamsdszygra3lcc92zk6rzm3gh1mzgjq9khbanzbg3y67n",
"url": "https://github.com/treeform/webby/archive/325d6ade0970562bee7d7d53961a2c3287f0c4bc.tar.gz",
"ref": "0.2.1",
"packages": [
"webby"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/lk4hcmvwvliliyyidx7k3fk9yfijddc5-source",
"rev": "b2e71179174e040884ebf6a16cbac711c84620b9",
"sha256": "0pi6cq43ysm1wy5vva3i2dqvyh4dqppjjjl04yj9wfq7mngpqaa1",
"url": "https://github.com/treeform/chroma/archive/b2e71179174e040884ebf6a16cbac711c84620b9.tar.gz",
"ref": "0.2.7",
"packages": [
"chroma"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/f9dp6njaay5rf32f6l9gkw0dm25gim47-source",
"rev": "7282ae1247f2f384ebeaec3826d7fa38fd0e1df1",
"sha256": "1plw9lfrm42qar01rnjhm0d9mkzsc7c3b8kz43w5pb8j8drx1lyn",
"url": "https://github.com/treeform/vmath/archive/7282ae1247f2f384ebeaec3826d7fa38fd0e1df1.tar.gz",
"ref": "2.0.0",
"packages": [
"vmath"
],
"srcDir": "src"
},
{
"method": "fetchzip",
"path": "/nix/store/8qaywzr8nzsiddjba77nhf75hzmxx0d9-source",
"rev": "29aca5e519ebf5d833f63a6a2769e62ec7bfb83a",
"sha256": "16npqgmi2qawjxaddj9ax15rfpdc7sqc37i2r5vg23lyr6znq4wc",
"url": "https://github.com/nim-lang/x11/archive/29aca5e519ebf5d833f63a6a2769e62ec7bfb83a.tar.gz",
"ref": "1.2",
"packages": [
"x11"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/cxdwn7p4cis5hd5w4jsn8lql5vzx5civ-source",
"rev": "2b08c774afaafd600cf4c6f994cf78b8aa090c0c",
"sha256": "10zl9a5phdsjj811v8by0yzadfc8d3azaj878an2hr8qsfi9y1ps",
"url": "https://github.com/status-im/nim-faststreams/archive/2b08c774afaafd600cf4c6f994cf78b8aa090c0c.tar.gz",
"ref": "HEAD",
"packages": [
"faststreams"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/2ksmfd7p93a1a7ibcv3qzsk8h3c3shz7-source",
"rev": "845b6af28b9f68f02d320e03ad18eccccea7ddb9",
"sha256": "1c55kl05pbavm9v5dv42n43sql9qcrblhh3hnp99p5xmlv20c9vf",
"url": "https://github.com/status-im/nim-unittest2/archive/845b6af28b9f68f02d320e03ad18eccccea7ddb9.tar.gz",
"ref": "v0.2.3",
"packages": [
"unittest2"
],
"srcDir": ""
},
{
"method": "fetchzip",
"path": "/nix/store/17gj9sw2hw818cbxvd6i94n734inm1vf-source",
"rev": "df8113dda4c2d74d460a8fa98252b0b771bf1f27",
"sha256": "1h7amas16sbhlr7zb7n3jb5434k98ji375vzw72k1fsc86vnmcr9",
"url": "https://github.com/arnetheduck/nim-results/archive/df8113dda4c2d74d460a8fa98252b0b771bf1f27.tar.gz",
"ref": "v0.5.1",
"packages": [
"results"
],
"srcDir": ""
}
]
}

13
pkgs/lucem/lucem-disable-auto-updater.patch
View File

@ -1,13 +0,0 @@
diff --git a/src/config.nim b/src/config.nim
index 64e4370..92aee9a 100644
--- a/src/config.nim
+++ b/src/config.nim
@@ -32,7 +32,7 @@ type
LucemConfig* = object
discord_rpc*: bool = false
- auto_updater*: bool = true
+ auto_updater*: bool = false
notify_server_region*: bool = true
loading_screen*: bool = true
polling_delay*: uint = 100

90
pkgs/lucem/nim_lk-rev-order-fix.patch
View File

@ -1,90 +0,0 @@
diff --git a/src/nim_lk.nim b/src/nim_lk.nim
index 2b8b0bc..68d8b64 100644
--- a/src/nim_lk.nim
+++ b/src/nim_lk.nim
@@ -4,7 +4,7 @@
# https://cyclonedx.org/docs/1.6/json/
import
- std/[algorithm, deques, httpclient, json, options, os, osproc, parseutils, parseopt, streams, strutils, tables, uri],
+ std/[algorithm, deques, httpclient, json, options, os, osproc, parseutils, parseopt, streams, strutils, tables, uri, re],
pkg/nimblepkg/options,
pkg/nimblepkg/packageinfo,
pkg/nimblepkg/packageinfotypes,
@@ -89,6 +89,13 @@ proc startProcess(cmd: string; cmdArgs: varargs[string]): Process =
type GitPair = object
`ref`, `rev`: string
+proc cleanVersion(version: string): string =
+ let pattern = re"^v?(\d+\.\d+\.\d+.*)$" # Captures valid semantic versions
+ var matches: array[1, string]
+ if version.find(pattern, matches) >= 0:
+ return matches[0]
+ return version
+
proc gitLsRemote(url: string; tagsArg = false): seq[GitPair] =
var line, rev, refer: string
var process =
@@ -104,12 +111,15 @@ proc gitLsRemote(url: string; tagsArg = false): seq[GitPair] =
const
refsTags = "refs/tags/"
headsTags = "refs/heads/"
+ headRef = "HEAD"
if refer.startsWith(refsTags):
refer.removePrefix(refsTags)
result.add GitPair(`ref`: refer, `rev`: rev)
elif refer.startsWith(headsTags):
refer.removePrefix(headsTags)
result.add GitPair(`ref`: refer, `rev`: rev)
+ elif refer == headRef:
+ result.add GitPair(`ref`: refer, `rev`: rev)
stderr.write(process.errorStream.readAll)
close(process)
if tagsArg and result.len == 0:
@@ -120,22 +130,40 @@ proc matchRev(url: string; wanted: VersionRange): GitPair =
let special = $wanted.spe
if special[0] == '#':
result.rev = special[1..special.high]
+ return # early return
else:
quit("unhandled version " & url & " " & $wanted)
else:
let withTags = wanted.kind != verAny
let pairs = gitLsRemote(url, withTags)
var resultVersion: Version
+ var latestTag: GitPair
+
for pair in pairs:
try:
- var tagVer = pair.`ref`.newVersion
- if tagVer.withinRange(wanted) and resultVersion < tagVer:
+ var tagVer = cleanVersion(pair.`ref`).newVersion
+ if (tagVer.withinRange(wanted) or not withTags) and resultVersion < tagVer:
resultVersion = tagVer
- result = pair
+ latestTag = pair
except ParseVersionError: discard
- if result.rev == "" and pairs.len > 0:
- result = pairs[pairs.high]
- doAssert result.rev != "", url
+
+ if latestTag.rev != "":
+ result = latestTag
+ return # early return
+
+ let headPairs = gitLsRemote(url, false)
+ var headPair: GitPair
+
+ for pair in headPairs:
+ if pair.`ref` == "HEAD":
+ headPair = pair
+
+ if headPair.rev != "":
+ result = headPair
+ return # early return
+
+
+ doAssert false, "No matching revision found for " & url
proc collectMetadata(data: JsonNode) =
let storePath = data{"path"}.getStr

41
pkgs/lucem/update.nix
View File

@ -1,41 +0,0 @@
{
nixpkgs ? <nixpkgs>,
pkgs ? (import nixpkgs) {},
}: let
inherit (pkgs) callPackage fetchFromSourcehut fetchFromGitHub lib;
inherit (lib) escapeShellArg;
lucem = pkgs.callPackage ./. {};
nim_lk_patched = pkgs.nim_lk.overrideAttrs (final: prev: {
src = pkgs.fetchFromSourcehut {
owner = "~ehmry";
repo = "nim_lk";
rev = "c2d601095d1961d8f59f1fffe5b56788b255c3de";
hash = "sha256-1WD1UVi6N7tftE69LAhx86Qxc97oMHKARFsCVGqtEm4=";
};
patches = [
./nim_lk-rev-order-fix.patch
];
});
in
pkgs.stdenvNoCC.mkDerivation {
name = "lucem-lock.json";
src = lucem.src;
nativeBuildInputs = with pkgs; [
nim_lk_patched
nix-prefetch-git
nix
# cacert
git
];
SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
buildPhase = ''
find .
nim_lk > $out
'';
}

51
pkgs/module.nix
View File

@ -1,10 +1,25 @@
{
inputs,
self,
config,
lib,
options,
...
}: {
imports = [./legacy-module.nix];
config = {
}: let
cfg = config.nixfiles.outputs.packages;
inherit (lib) mapAttrs mkEnableOption mkIf;
in {
options.nixfiles.outputs.packages = {
enable =
mkEnableOption ""
// {
description = ''
Whether to generate the packages output.
'';
default = true;
};
};
config = mkIf cfg.enable {
perSystem = {
system,
inputs',
@ -12,21 +27,25 @@
pkgs,
...
}: {
packages = {
lucem = pkgs.callPackage ./lucem {};
};
};
packages = let
inherit (pkgs) callPackage callPackages;
flake = {
overlays.new-packages = final: prev: let
inherit (final) callPackage;
currentSystem = config.perSystem "${prev.system}";
flakePackages = currentSystem.packages;
addPackages = packages: lib.genAttrs packages (package: callPackage flakePackages.${package}.override {});
# i forget how this works so i'm not messing with it.
mopidyPackages = callPackages ./mopidy {
python = pkgs.python3;
};
in
addPackages [
"lucem"
];
(mapAttrs (_: v: callPackage v {}) {
google-fonts = ./google-fonts;
wm-helpers = ./wm-helpers;
atool = ./atool-wrapped;
nixfiles-assets = ./nixfiles-assets;
redlib = ./redlib;
cross-seed = ./cross-seed;
})
// {
inherit (mopidyPackages) mopidy-autoplay;
};
};
};
}

22
pkgs/mopidy/autoplay.nix
View File

@ -1,9 +1,5 @@
{
lib,
python3Packages,
fetchPypi,
mopidy,
}:
{ lib, python3Packages, fetchPypi, mopidy }:
# based on mopidy/jellyfin.nix
python3Packages.buildPythonApplication rec {
pname = "mopidy-autoplay";
@ -15,15 +11,15 @@ python3Packages.buildPythonApplication rec {
sha256 = "sha256-E2Q+Cn2LWSbfoT/gFzUfChwl67Mv17uKmX2woFz/3YM=";
};
propagatedBuildInputs = [mopidy];
propagatedBuildInputs = [ mopidy ];
# no tests implemented
doCheck = false;
pythonImportsCheck = ["mopidy_autoplay"];
pythonImportsCheck = [ "mopidy_autoplay" ];
meta = with lib; {
homepage = "https://codeberg.org/sph/mopidy-autoplay";
description = "Mopidy extension to automatically pick up where you left off and start playing the last track from the position before Mopidy was shut down.";
license = licenses.asl20;
};
meta = with lib; {
homepage = "https://codeberg.org/sph/mopidy-autoplay";
description = "Mopidy extension to automatically pick up where you left off and start playing the last track from the position before Mopidy was shut down.";
license = licenses.asl20;
};
}

18
pkgs/mopidy/default.nix
View File

@ -1,14 +1,10 @@
{
lib,
newScope,
python,
}:
{ lib, newScope, python }:
# i have no idea what this is but there's some conflict if i don't do this
# based on https://github.com/NixOS/nixpkgs/blob/77f0d2095a8271fdb6e0d08c90a7d93631fd2748/pkgs/applications/audio/mopidy/default.nix
lib.makeScope newScope (self:
with self; {
inherit python;
pythonPackages = python.pkgs;
lib.makeScope newScope (self: with self; {
inherit python;
pythonPackages = python.pkgs;
mopidy-autoplay = callPackage ./autoplay.nix {};
})
mopidy-autoplay = callPackage ./autoplay.nix { };
})

33
pkgs/nixfiles-assets/default.nix
View File

@ -1,8 +1,5 @@
{
lib,
stdenvNoCC,
fetchFromGitea,
}: let
{ lib, stdenvNoCC, fetchFromGitea }:
let
src = fetchFromGitea {
domain = "gitea.protogen.io";
owner = "nullbite";
@ -13,16 +10,16 @@
fetchLFS = true;
};
in
stdenvNoCC.mkDerivation {
pname = "nixfiles-assets";
version = src.rev;
inherit src;
phases = ["installPhase"];
installPhase = ''
cd $src
pwd
ls
mkdir -p $out/share/
cp -a wallpapers $out/share/
'';
}
stdenvNoCC.mkDerivation {
pname = "nixfiles-assets";
version = src.rev;
inherit src;
phases = [ "installPhase" ];
installPhase = ''
cd $src
pwd
ls
mkdir -p $out/share/
cp -a wallpapers $out/share/
'';
}

31
pkgs/redlib/default.nix
View File

@ -1,22 +1,21 @@
{
lib,
stdenv,
cacert,
nixosTests,
rustPlatform,
fetchFromGitHub,
darwin,
nix-update-script,
{ lib
, stdenv
, cacert
, nixosTests
, rustPlatform
, fetchFromGitHub
, darwin
, nix-update-script
}:
rustPlatform.buildRustPackage rec {
pname = "redlib";
version = "0.35.1-unstable-2025-03-01";
version = "0.35.1-unstable-2025-02-03";
src = fetchFromGitHub {
owner = "redlib-org";
repo = "redlib";
rev = "357e7c2e096c1aa3bb871e42860dfd3be62e0bfb";
hash = "sha256-KX76kq3AX+GI8wIulGixgS5cENlNUcrKaes1dZwRhxI=";
rev = "a732f181430c14b3a292b54fd372e069018ab03c";
hash = "sha256-rQEnlRFiO30m29EmFb5g+A9fRPi6aHye/pZndNfc8Zk=";
};
patches = [
@ -25,7 +24,7 @@ rustPlatform.buildRustPackage rec {
./no-hash.patch
];
cargoHash = "sha256-5cwF+pntkAwtTwerYrJOfL4NRcL8Sb7lLZiajNcvSZY=";
cargoHash = "sha256-SQlHvb2zol4fUOVNcCspC+entqGA7th5zpi07dvOL2Y=";
buildInputs = lib.optionals stdenv.isDarwin [
darwin.apple_sdk.frameworks.Security
@ -59,7 +58,7 @@ rustPlatform.buildRustPackage rec {
env = {
SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
GIT_HASH = src.rev;
GIT_HASH=src.rev;
};
doCheck = false;
@ -68,7 +67,7 @@ rustPlatform.buildRustPackage rec {
inherit (nixosTests) redlib;
};
passthru.updateScript = nix-update-script {extraArgs = ["--version=branch=main"];};
passthru.updateScript = nix-update-script { extraArgs = [ "--version=branch=main" ]; };
meta = {
changelog = "https://github.com/redlib-org/redlib/releases/tag/v${version}";
@ -76,6 +75,6 @@ rustPlatform.buildRustPackage rec {
homepage = "https://github.com/redlib-org/redlib";
license = lib.licenses.agpl3Only;
mainProgram = "redlib";
maintainers = with lib.maintainers; [soispha];
maintainers = with lib.maintainers; [ soispha ];
};
}

140
pkgs/wm-helpers/default.nix
View File

@ -1,85 +1,79 @@
{
pkgs,
lib,
cap-volume ? true,
unmute ? true,
...
}: let
keysetting =
pkgs.writeShellScriptBin "keysetting"
''
wpctl=${pkgs.wireplumber}/bin/wpctl
notify_send=${pkgs.libnotify}/bin/notify-send
brightnessctl=${pkgs.brightnessctl}/bin/brightnessctl
cut=${pkgs.coreutils}/bin/cut
grep=${pkgs.gnugrep}/bin/grep
tr=${pkgs.coreutils}/bin/tr
bc=${pkgs.bc}/bin/bc
{ pkgs, lib, cap-volume ? true, unmute ? true, ...}:
let
keysetting = pkgs.writeShellScriptBin "keysetting"
''
wpctl=${pkgs.wireplumber}/bin/wpctl
notify_send=${pkgs.libnotify}/bin/notify-send
brightnessctl=${pkgs.brightnessctl}/bin/brightnessctl
cut=${pkgs.coreutils}/bin/cut
grep=${pkgs.gnugrep}/bin/grep
tr=${pkgs.coreutils}/bin/tr
bc=${pkgs.bc}/bin/bc
cap_volume=${pkgs.coreutils}/bin/${lib.boolToString cap-volume}
unmute=${pkgs.coreutils}/bin/${lib.boolToString unmute}
cap_volume=${pkgs.coreutils}/bin/${lib.boolToString cap-volume}
unmute=${pkgs.coreutils}/bin/${lib.boolToString unmute}
notify-send () {
$notify_send -h string:x-canonical-private-synchronous:keysetting "$@"
}
notify-send () {
$notify_send -h string:x-canonical-private-synchronous:keysetting "$@"
}
getvol () {
echo "$(wpctl get-volume @DEFAULT_SINK@ | $tr -dc '[:digit:].')*100/1" | $bc
}
getvol () {
echo "$(wpctl get-volume @DEFAULT_SINK@ | $tr -dc '[:digit:].')*100/1" | $bc
}
notifyvol () {
message="Volume: $(getvol)%"
if $wpctl get-volume @DEFAULT_SINK@ | $grep MUTED > /dev/null ; then
message="$message [MUTED]"
fi
notify-send "$message"
}
notifyvol () {
message="Volume: $(getvol)%"
if $wpctl get-volume @DEFAULT_SINK@ | $grep MUTED > /dev/null ; then
message="$message [MUTED]"
fi
notify-send "$message"
}
setvol () {
$wpctl set-volume @DEFAULT_SINK@ "$1"
notifyvol
}
setvol () {
$wpctl set-volume @DEFAULT_SINK@ "$1"
notifyvol
}
volup () {
if $unmute ; then
$wpctl set-mute @DEFAULT_SINK@ 0
fi
volup () {
if $unmute ; then
$wpctl set-mute @DEFAULT_SINK@ 0
fi
if $cap_volume && [[ $(( $(getvol) + 5 )) -gt 100 ]] ; then
setvol 1
return
fi
if $cap_volume && [[ $(( $(getvol) + 5 )) -gt 100 ]] ; then
setvol 1
return
fi
setvol 5%+
# notifyvol
}
setvol 5%+
# notifyvol
}
voldown () {
if $unmute ; then
$wpctl set-mute @DEFAULT_SINK@ 0
fi
setvol 5%-
# notifyvol
}
voldown () {
if $unmute ; then
$wpctl set-mute @DEFAULT_SINK@ 0
fi
setvol 5%-
# notifyvol
}
notifybright () {
notify-send "Brightness: $(($($brightnessctl g)*100/$($brightnessctl m)))%"
}
notifybright () {
notify-send "Brightness: $(($($brightnessctl g)*100/$($brightnessctl m)))%"
}
setbright () {
$brightnessctl s "$1"
notifybright
}
case "$1" in
volumeup) volup ;;
volumedown) voldown ;;
mute) $wpctl set-mute @DEFAULT_SINK@ toggle; notifyvol;;
monup) setbright 5%+;;
mondown) setbright 5%-;;
esac
'';
setbright () {
$brightnessctl s "$1"
notifybright
}
case "$1" in
volumeup) volup ;;
volumedown) voldown ;;
mute) $wpctl set-mute @DEFAULT_SINK@ toggle; notifyvol;;
monup) setbright 5%+;;
mondown) setbright 5%-;;
esac
'';
in
pkgs.symlinkJoin {
name = "wm-helpers";
paths = keysetting;
}
pkgs.symlinkJoin {
name = "wm-helpers";
paths = keysetting;
}

30
secrets/secrets.nix
View File

@ -12,20 +12,22 @@ let
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0enlNbo1V5q0yq6n90gRPsNznoQ/KLEjeo1yOAUyJwPi35cw+b3p4DRN7T55DcSivKKE9Hyh6bpaQWFJSLyP5jAtDrYkuUfNx5GkgrquMwMvwzk3Z+h2/J/WgDyKQZXtm9LHYTgiW8jDU1lBiks39IqCAGrCTLAmAHSaJ39A4ZpJwu6zZ9sQqT22E/UpFm5MBezdZbm8V0G+beX+y3+pp8Kag7goGNY+rgTgx7REDz3jzZz3FBP+CxKoo1H8HHz78RDqBb8HKpVQYNQkwvIBeczKawRHIkJO2Mk+1mc6Ta6beA9+Uyf+puxco2xl6BOnDInvnhWJIRXOJuR5P8/YWprE1o4ixF2N95D2GlJ618V7faEovu/sNj8qIvfA66OF1gG+LOfNAl+u2+3V8ewATF493F0q04zhenoH1ZdrsACJfL8tK9Ev9056ImR6aSJ5BjqCk0tMmnLKTZ7q3R2LoKnB1r/TXe10OH7rx5BDAt4OmD8a5QS0RvVgK3O/iMW0="
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSAD3bCc9ZHGqU+HoCtp69uU3Px5bbVYYrHbLS3AS1Xku9rPKE/oUU/fz8/AZxp6dLuKhPjQjLzgbFjM0rK57fiOPqBnlw3eAiIymrlB03ALLV3y+GF2OhVf2rkcPkUxjK978dwS9bxgty6WzPAoSjNwilzgf2CcLcHyIzDwwzWCndM9jtpXbUbLhOH6CvsvygBD7j06wakLOorTS+cAFecUvaUkDr6gSu6zpM29DcFiq8T1VoWhBzwC/9IKnxV/XqaZBM3Em7NfPQIzYWcD9A5+Holj2I6jcTSd9xIdMhD4Miqm8IdojPkP2NuVfD9AMxn0ccwbROG/zliyXtcxRj8b3jEquBKuN+yGqF5hexmKlhHmHua9NwhsWnGWjOWWSaPtsp3WOM/fEc7cWpVWZ+W8V5LbdWEY3Ke52Cz35QbOSml09H/gIzsMxZbiZvkJB4PvWKf0FoyZ8ojJWIaGP1/LQdXNMWorqy7tWp3sAw3JcMsR0ezJ3YoI6Y6FOIdL0="
];
in {
"cloudflare-dns.age".publicKeys = [rpi4] ++ all-user;
"wireguard-rpi4.age".publicKeys = [rpi4] ++ all-user;
"htpasswd.age".publicKeys = [rpi4] ++ all-user;
"htpasswd-cam.age".publicKeys = [rpi4] ++ all-user;
"authelia-users.age".publicKeys = [rpi4] ++ all-user;
"authelia-storage.age".publicKeys = [rpi4] ++ all-user;
"authelia-jwt.age".publicKeys = [rpi4] ++ all-user;
"authelia-session.age".publicKeys = [rpi4] ++ all-user;
"homepage.age".publicKeys = [rpi4] ++ all-user;
"paperless-admin.age".publicKeys = [rpi4] ++ all-user;
in
{
"cloudflare-dns.age".publicKeys = [ rpi4 ] ++ all-user;
"wireguard-rpi4.age".publicKeys = [ rpi4 ] ++ all-user;
"htpasswd.age".publicKeys = [ rpi4 ] ++ all-user;
"htpasswd-cam.age".publicKeys = [ rpi4 ] ++ all-user;
"authelia-users.age".publicKeys = [ rpi4 ] ++ all-user;
"authelia-storage.age".publicKeys = [ rpi4 ] ++ all-user;
"authelia-jwt.age".publicKeys = [ rpi4 ] ++ all-user;
"authelia-session.age".publicKeys = [ rpi4 ] ++ all-user;
"homepage.age".publicKeys = [ rpi4 ] ++ all-user;
"paperless-admin.age".publicKeys = [ rpi4 ] ++ all-user;
"restic-rclone.age".publicKeys = [rpi4 nullbox slab] ++ all-user;
"restic-password.age".publicKeys = [rpi4 nullbox slab] ++ all-user;
"restic-rclone.age".publicKeys = [ rpi4 nullbox slab ] ++ all-user;
"restic-password.age".publicKeys = [ rpi4 nullbox slab ] ++ all-user;
"anki-user.age".publicKeys = [rpi4] ++ all-user;
"anki-user.age".publicKeys = [ rpi4 ] ++ all-user;
}

11
system/cachix.nix
View File

@ -1,11 +1,8 @@
{
pkgs,
lib,
config,
...
}: let
{ pkgs, lib, config, ... }:
let
cfg = config.nixfiles.cachix;
in {
in
{
options.nixfiles.cachix.enable = lib.mkOption {
description = "Whether to enable the Cachix derivation cache";
type = lib.types.bool;

75
system/common/bootnext.nix
View File

@ -1,16 +1,11 @@
{
config,
lib,
pkgs,
options,
...
}: let
{ config, lib, pkgs, options, ... }:
let
inherit (lib) types escapeShellArg;
cfg = config.nixfiles.common.bootnext;
bootNextScriptMain = pkgs.writeShellScript "bootnext-wrapped" ''
set -Eeuxo pipefail
PATH=${lib.escapeShellArg (with pkgs; lib.makeBinPath [gnugrep coreutils efibootmgr])}
PATH=${lib.escapeShellArg (with pkgs; lib.makeBinPath [ gnugrep coreutils efibootmgr ])}
export PATH
function do_bootnext() {
@ -24,10 +19,9 @@
case "$1" in
${lib.concatStringsSep "\n" (
lib.mapAttrsToList (
name: value: " ${escapeShellArg name}) do_bootnext ${escapeShellArg value.efiPartUUID} ${escapeShellArg value.name} ;;"
)
cfg.entries
lib.mapAttrsToList (name: value:
" ${escapeShellArg name}) do_bootnext ${escapeShellArg value.efiPartUUID} ${escapeShellArg value.name} ;;"
) cfg.entries
)}
*) echo "Boot entry \"$1\" not configured."; exit 1;;
esac
@ -47,7 +41,7 @@
'';
desktopWrapper = pkgs.writeShellScript "bootnext-desktop-wrapper" ''
if ${pkgs.kdePackages.kdialog}/bin/kdialog --warningyesno "Are you sure you want to reboot?" ; then
if ${pkgs.libsForQt5.kdialog}/bin/kdialog --warningyesno "Are you sure you want to reboot?" ; then
${bootNextScript}/bin/bootnext "$@"
reboot
fi
@ -55,17 +49,18 @@
bootnextDesktopEntries = pkgs.symlinkJoin {
name = "bootnext-desktop-entries";
paths = lib.mapAttrsToList (name: value:
pkgs.makeDesktopItem {
paths = lib.mapAttrsToList (name: value: pkgs.makeDesktopItem {
name = "bootnext-reboot-${name}";
desktopName = "Reboot into ${value.desktopEntry.name}";
comment = "Select the entry defined by the `${name}` configuration in the bootnext script and then reboot.";
icon = "${value.desktopEntry.icon}";
keywords = ["bootnext" "reboot" "${name}" "${value.desktopEntry.name}"];
keywords = [ "bootnext" "reboot" "${name}" "${value.desktopEntry.name}" ];
exec = "${desktopWrapper} ${name}";
}) (lib.filterAttrs (_: value: value.desktopEntry.enable) cfg.entries);
};
in {
in
{
options = {
nixfiles.common.bootnext = {
enable = lib.mkOption {
@ -76,25 +71,19 @@ in {
default = false;
example = true;
};
enableDesktopEntries = lib.mkEnableOption "generation of bootnext Desktop entries" // {default = true;};
enableDesktopEntries = lib.mkEnableOption "generation of bootnext Desktop entries" // { default = true; };
entries = let
entryModule = {
name,
config,
...
}: {
entryModule = {name, config, ... }: {
options = let
uuidType = with types;
lib.mkOptionType {
name = "uuid";
description = "UUID";
descriptionClass = "noun";
check = let
uuidRegex = "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}$";
in
x: str.check x && (builtins.match uuidRegex x) != null;
inherit (str) merge;
};
uuidType = with types; lib.mkOptionType {
name = "uuid";
description = "UUID";
descriptionClass = "noun";
check = let
uuidRegex = "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}$";
in x: str.check x && (builtins.match uuidRegex x) != null;
inherit (str) merge;
};
in {
efiPartUUID = lib.mkOption {
description = "UUID of EFI partition containing boot entry";
@ -127,26 +116,22 @@ in {
};
};
};
in
lib.mkOption {
description = "bootnext entry";
type = with types; attrsOf (submodule entryModule);
};
in lib.mkOption {
description = "bootnext entry";
type = with types; attrsOf (submodule entryModule);
};
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [bootNextScript] ++ lib.optional cfg.enableDesktopEntries bootnextDesktopEntries;
environment.systemPackages = [ bootNextScript ] ++ lib.optional cfg.enableDesktopEntries bootnextDesktopEntries;
security.sudo.extraRules = lib.mkAfter [
{
commands = [
{
command = "${bootNextScriptMain}";
options = ["NOPASSWD"];
}
{ command = "${bootNextScriptMain}"; options = [ "NOPASSWD" ]; }
];
groups = ["wheel"];
groups = [ "wheel" ];
}
];
};

31
system/common/busybox.nix
View File

@ -1,25 +1,18 @@
{
config,
pkgs,
lib,
...
}: let
{ config, pkgs, lib, ... }:
let
cfg = config.nixfiles.common.busybox;
in {
options.nixfiles.common.busybox.enable =
lib.mkEnableOption ""
// {
description = ''
Whether to install Busybox into the system environment as a very low
priority fallback for common commands. This should *never* override a
user-installed package.
'';
};
options.nixfiles.common.busybox.enable = lib.mkEnableOption "" // {
description = ''
Whether to install Busybox into the system environment as a very low
priority fallback for common commands. This should *never* override a
user-installed package.
'';
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs;
lib.mkOrder 50 [
busybox
];
environment.systemPackages = with pkgs; lib.mkOrder 50 [
busybox
];
};
}

3
system/common/default.nix
View File

@ -1,4 +1,5 @@
{...}: {
{...}:
{
imports = [
./me.nix
./remote.nix

13
system/common/me.nix
View File

@ -1,11 +1,8 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ...}:
let
cfg = config.nixfiles.common.me;
in {
in
{
options.nixfiles.common.me = {
enable = lib.mkEnableOption "my user account";
};
@ -15,7 +12,7 @@ in {
uid = 1000;
group = "nullbite";
isNormalUser = true;
extraGroups = ["wheel"] ++ lib.optional config.nixfiles.packageSets.fun.enable "input";
extraGroups = [ "wheel" ] ++ lib.optional config.nixfiles.packageSets.fun.enable "input";
packages = with pkgs; [
keychain
];

25
system/common/nix.nix
View File

@ -1,14 +1,8 @@
{
pkgs,
lib,
config,
options,
inputs,
nixpkgs,
...
}: let
{ pkgs, lib, config, options, inputs, nixpkgs, ... }:
let
cfg = config.nixfiles.common.nix;
in {
in
{
options.nixfiles.common.nix = {
enable = lib.mkEnableOption "common Nix configuration";
registerNixpkgs = lib.mkOption {
@ -17,8 +11,7 @@ in {
example = "true";
description = "Whether to register the Nixpkgs revision used by Nixfiles to the system's flake registry and make it tye system's <nixpkgs> channel";
};
/*
# TODO
/* # TODO
register = lib.mkOption {
type = lib.types.bool;
default = cfg.enable;
@ -29,7 +22,8 @@ in {
};
config = lib.mkMerge [
(lib.mkIf cfg.registerNixpkgs {
( lib.mkIf cfg.registerNixpkgs {
# this makes modern nix tools use the system's version of nixpkgs
nix.registry = {
# this keeps nixfiles-assets in the store so i can save some GitHub LFS
@ -64,9 +58,10 @@ in {
# compatibility becasue once `, vkcube` couldn't find the correct opengl
# driver or something (also it reduces the download size of temporary shell
# closures)
nix.nixPath = ["nixpkgs=${nixpkgs}"] ++ options.nix.nixPath.default;
nix.nixPath = [ "nixpkgs=${nixpkgs}" ] ++ options.nix.nixPath.default;
})
(lib.mkIf cfg.enable {
( lib.mkIf cfg.enable {
# direnv is a tool to automatically load shell environments upon entering
# a directory. nix-direnv has an extensionn to keep nix shells in the
# system's gcroots so shells can be used after a gc without rebuilding.

15
system/common/remote.nix
View File

@ -1,11 +1,8 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
cfg = config.nixfiles.common.remoteAccess;
in {
in
{
config = lib.mkIf cfg.enable {
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
@ -13,6 +10,7 @@ in {
enable = true;
openFirewall = true;
settings = {
};
};
@ -29,6 +27,5 @@ in {
networking.wireguard.enable = true;
};
options = {
nixfiles.common.remoteAccess.enable = lib.mkEnableOption "remote access options";
};
nixfiles.common.remoteAccess.enable = lib.mkEnableOption "remote access options" ; };
}

12
system/common/wm.nix
View File

@ -1,13 +1,9 @@
{
pkgs,
lib,
config,
options,
...
}: let
{ pkgs, lib, config, options, ...}:
let
inherit (lib) mkDefault mkIf mkEnableOption;
cfg = config.nixfiles.common.wm;
in {
in
{
config = mkIf cfg.enable {
# Common options for standalone window managers; many of these (or
# alternatives thereof) are pulled in by desktop environments.

17
system/default.nix
View File

@ -1,14 +1,4 @@
{
pkgs,
config,
lib,
options,
nixpkgs,
home-manager,
inputs,
utils,
...
} @ args:
{ pkgs, config, lib, options, nixpkgs, home-manager, inputs, utils, ... }@args:
# ^ all these args are yucky and non-portable, replace them with a module
# called from the scope of the flake that brings relevant
# inputs/outputs/overlays/etc into scope. this might even make nixfiles
@ -16,7 +6,8 @@
let
cfg = config.nixfiles;
flakeType = cfg.lib.types.flake;
in {
in
{
imports = [
./common
./hardware
@ -59,7 +50,7 @@ in {
lib = lib.mkOption {
description = "nixfiles library";
default = (import ../lib/nixfiles) {inherit pkgs;};
default = (import ../lib/nixfiles) { inherit pkgs; };
readOnly = true;
type = lib.types.attrs;
};

6
system/fragments/debugging.nix
View File

@ -1,9 +1,5 @@
{ config, lib, pkgs, ...}:
{
config,
lib,
pkgs,
...
}: {
environment = {
enableDebugInfo = true;
systemPackages = with pkgs; [

Some files were not shown because too many files have changed in this diff Show More